Article Id 198637


A remote Windows 7 L2TP IPSec user may receive the following error message when trying to make a connection:
Error: 789 "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".
This article explains a possible cause of the error message and how to configure the FortiGate to prevent it from occurring.


All FortiOS users with Windows 7 clients


The Windows 7 quick mode implementation requires that the lifetime proposal match the locally configured values. The default values on Windows 7 for the lifetime proposal are 3600s/250000kbps.

To match this with the FortiGate, the following parameters in the IPSec phase 2 settings must be configured:

config vpn ipsec phase2
    edit "dialup_lt2p_phase2"
        set keylife-type both
        set keylifekbs 250000
        set keylifeseconds 3600
    next
end
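
The following is an added example, not part of the original article or Fortinet tooling: a Python check that reads a FortiGate configuration backup and reports every `config vpn ipsec phase2` entry whose lifetime settings differ from the values above. The sample backup, the entry name "legacy_phase2" and the phase1 names are constructed for illustration.

```python
# Lifetime values this article gives for Windows 7 quick mode.
EXPECTED = {"keylife-type": "both", "keylifeseconds": "3600", "keylifekbs": "250000"}

# Constructed sample backup; "legacy_phase2" and the phase1 names are illustrative.
SAMPLE = """\
config vpn ipsec phase2
    edit "dialup_lt2p_phase2"
        set phase1name "dialup_p1"
        set keylife-type both
        set keylifekbs 250000
        set keylifeseconds 3600
    next
    edit "legacy_phase2"
        set phase1name "legacy_p1"
        set keylifeseconds 1800
    next
end
"""

def parse_phase2(config_text):
    """Return {entry_name: {setting: value}} for 'config vpn ipsec phase2' blocks."""
    entries, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn ipsec phase2":
            in_block = True
        elif not in_block:
            continue                      # ignore every other config table
        elif line == "end":
            in_block, current = False, None
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)   # "set", key, value
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return entries

def lifetime_mismatches(config_text):
    """Return {entry: {setting: (found, expected)}}; found is None when the
    setting is absent from the backup, so the firewall's default applies."""
    report = {}
    for name, settings in parse_phase2(config_text).items():
        diff = {k: (settings.get(k), v) for k, v in EXPECTED.items() if settings.get(k) != v}
        if diff:
            report[name] = diff
    return report

if __name__ == "__main__":
    for entry, diff in lifetime_mismatches(SAMPLE).items():
        print(entry, diff)
```

Only entries that serve Windows 7 L2TP clients need to match; other tunnels flagged by the check can be ignored.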