VPN IPsec cannot connect on one specific user

Question

Hi.

I've set IPsec VPN for the entire company and all the users except from one are connecting with no problems.

this user had the problem with an older PC.

i replace him with a new one and all worked good for a while.

we came back after two weeks and have the same issue with the new one.

the settings are right and in logs you can see he is successful connecting and disconnecting after a sec,

from the user FortiClient it seems like the connection is taking too long.

he get a massage the connection is timeout.
what to do about that?

slovepreet · Answer

You can run the debug when trying to connect on the FortiGate

di vpn ike log filter rem-addr4 x.x.x.x <-----Public IP address of the client
diagnose debug application ike -1
diagnose debug enable

Then, based on the output, you should be able to see if it's a client-side error or a FortiGate side. Although it seems very much a client-side issue and usually by changing the FortiClient version, you might be able to fix that, this is how you can download a different version. https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-download-different-or-old-versions-of/ta-p/285874

I hope this helps.

Sign up