nevan
Staff
Article Id 372430

 

Description This article describes how to troubleshoot a case where the CISCO Unity VPN client causes problems or a conflict when connecting to the dial-up VPN with FortiClient on Windows.
Scope FortiGate, FortiClient, WinOS.
Solution

An endpoint can be configured with multiple VPN clients. Once FortiClient is configured on the endpoint, it works with the Windows OS web socket. If the dial-up VPN is configured on the FortiGate but FortiClient does not connect with the user and credentials, an IKE debug has to be taken.

The following article explains how to take the IKE debug: Technical Tip: Understanding IPsec (iked) debug logs.

If the following output is found in the debug, it can be taken as an indication that the CISCO UNITY VPN client is configured on the Windows workstation.


ike V=root:0:869f66bd00c82fc4/0000000000000000:86335: responder: aggressive mode get 1st message...
ike V=root:0:869f66bd00c82fc4/0000000000000000:86335: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100  <----

ike V=root:0::86335: received peer identifier FQDN '5656'
ike V=root:0: IKEv1 Aggressive, comes 78.66.43.50:500->178.174.162.164 6
ike V=root:0:869f66bd00c82fc4/0000000000000000:86335: trans_id = KEY_IKE.
ike V=root:0:869f66bd00c82fc4/0000000000000000:86335: encapsulation = IKE/none

ike V=root:0:H24-VPN:86335: DPD negotiated
ike V=root:0:H24-VPN:86335: XAUTHv6 negotiated
ike V=root:0:H24-VPN:86335: peer supports UNITY  <---
ike V=root:0:H24-VPN:86335: enable FortiClient license check
ike V=root:0:H24-VPN:86335: FEC vendor ID received FEC but IP not set 

 

In this situation, the two VPN clients might have issues using the web socket port, and one of the VPN clients needs to be uninstalled. To connect to the dial-up VPN with FortiClient, it is recommended to turn off or uninstall the other VPN client on that endpoint.
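One way to pick the two UNITY markers out of a longer IKE debug capture and tie them to the phase1 name and peer identifier, as an added example that is not Fortinet's code. The line layout is assumed from the debug output quoted above, and the second session in the sample is constructed.

```python
import re
from collections import defaultdict

# ike V=<vdom>:<index>:<cookies or phase1 name>:<connection id>: <message>
# Field layout is inferred from the debug output quoted in this article.
LINE = re.compile(r"^ike V=([^:]*):(\d+):(?P<tag>[^:]*):(?P<conn>\d+): (?P<msg>.*)$")
VID = re.compile(r"VID CISCO-UNITY ([0-9A-Fa-f]+)")
PEER = re.compile(r"received peer identifier \w+ '([^']*)'")

# Session 86335 is copied from the article; session 86340 is constructed
# to show a peer that does not advertise UNITY.
SAMPLE = """\
ike V=root:0:869f66bd00c82fc4/0000000000000000:86335: responder: aggressive mode get 1st message...
ike V=root:0:869f66bd00c82fc4/0000000000000000:86335: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100  <----
ike V=root:0::86335: received peer identifier FQDN '5656'
ike V=root:0:H24-VPN:86335: DPD negotiated
ike V=root:0:H24-VPN:86335: peer supports UNITY  <---
ike V=root:0:H24-VPN:86335: enable FortiClient license check
ike V=root:0::86340: received peer identifier FQDN 'constructed-peer'
ike V=root:0:EXAMPLE-VPN:86340: DPD negotiated
"""


def unity_peers(debug_text):
    """Return {connection id: details} for sessions whose peer advertised UNITY."""
    sessions = defaultdict(lambda: {"phase1": None, "peer_id": None,
                                    "unity_vid": None, "unity_supported": False})
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a connection id (e.g. "comes ...") are skipped
        s, tag, msg = sessions[m["conn"]], m["tag"], m["msg"]
        if tag and "/" not in tag:
            s["phase1"] = tag  # tag holds the phase1 name once the gateway is matched
        if (v := VID.match(msg)):
            s["unity_vid"] = v[1].upper()
        elif (p := PEER.match(msg)):
            s["peer_id"] = p[1]
        elif msg.startswith("peer supports UNITY"):
            s["unity_supported"] = True
    return {c: s for c, s in sessions.items() if s["unity_vid"] or s["unity_supported"]}


if __name__ == "__main__":
    for conn, info in unity_peers(SAMPLE).items():
        print(conn, info)
```

Grouping by connection id matters because the lines for one negotiation are tagged first with the cookie pair, then with an empty field, then with the phase1 name.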

Related articles:
Technical Tip: Unity-support is disabled after IKE version is changed from v2 to v1
Technical Tip: Third-party Antivirus application installed which cause the real-time protection feat...