opocta
Staff
Created on 04-20-2015 02:33 AM Edited on 01-04-2022 12:53 PM By Anonymous
Article Id
192637
Description
L2TP over IPsec is prone to failures and disconnection due to data compression if MS CHAP is used as authentication protocol and if packets are coming to FortiGate unit out of order. This is observed especially with higher amount of traffic flowing through the tunnel, typically RDP connections.
Solution
To resolve this issue disable MS CHAP on client (usually MS Windows).
MS Windows 7 - go to connection properties of L2TP/IPsec tunnel and select Security tab. Disable MS CHAP as shown below. There is no configuration change needed on the FortiGate side.
MS Windows 7 - go to connection properties of L2TP/IPsec tunnel and select Security tab. Disable MS CHAP as shown below. There is no configuration change needed on the FortiGate side.
Labels: