PurposeThis article explains how to access features for FortiClient users when the Mode config option is disabled on a dialup client-to-site IPSec VPN tunnel.ScopeForticlient IPSec tunnel configuration.Expectations, Requirements- Forticlient with IPSec VPN configuration used to connect to Fortigate
- Mode-config option is disabled the IPSec tunnel on Fortigate side.
ConfigurationThe solution is to enable these features from Forticlient side by editing the tunnel settings from Forticlient configuration. 1) Download Forticlient configuration backup (XML file) from Forticlient settings.2) Open the file using a text editor (NotePad++).3) Search for the IPSec tunnel name.4) Change the values of the features that should be enabled to 1.
5) Example of editing the IPSec tunnel (IPSEC_TUNNEL_1) The options are in bold text. Other irrelevant parts of the configuration are removed for simplicity:
.
.
</options>
<connections>
<connection>
<name>IPSEC_TUNNEL_1</name>
<single_user_mode>0</single_user_mode>
<type>manual</type>
<ui>
<show_passcode>0</show_passcode>
<show_remember_password>0</show_remember_password>
<show_alwaysup>0</show_alwaysup>
<show_autoconnect>0</show_autoconnect>
<save_username>0</save_username>
</ui>
<ike_settings>
.
.
</ike_settings>
<ipsec_settings>
</ipsec_settings>
</connection>
</connections>
</ipsecvpn>