Tutek
Contributor

VPN wizard change remote subnet

Hi,

I have created a VPN for the native Windows client. During setup I chose a subnet range for the client; now I need to change that setting, but I don't see it in the tunnel settings. Even in the CLI I don't see it. Where is it applied?

 

 

Router (VPN_ipsec) # get
name                : VPN_ipsec
type                : dynamic
interface           : port24
ip-version          : 4
ike-version         : 1
local-gw            : 0.0.0.0
keylife             : 86400
authmethod          : psk
mode                : main
peertype            : any
net-device          : disable
exchange-interface-ip: disable
mode-cfg            : disable
proposal            : aes256-md5 3des-sha1 aes192-sha1
add-route           : enable
localid             :
localid-type        : auto
negotiate-timeout   : 30
fragmentation       : enable
ip-fragmentation    : post-encapsulation
dpd                 : on-demand
forticlient-enforcement: disable
comments            : VPN:
npu-offload         : enable
dhgrp               : 2
suite-b             : disable
wizard-type         : dialup-windows
xauthtype           : disable
idle-timeout        : disable
ha-sync-esp-seqno   : enable
auto-discovery-sender: disable
auto-discovery-receiver: disable
auto-discovery-forwarder: disable
nattraversal        : enable
rekey               : enable
enforce-unique-id   : disable
fec-egress          : disable
fec-ingress         : disable
default-gw          : 0.0.0.0
default-gw-priority : 0
tunnel-search       : selectors
psksecret           : *
keepalive           : 10
distance            : 15
priority            : 0
dpd-retrycount      : 3
dpd-retryinterval   : 20

 

 

 

 

Tutek
Contributor

This is strange. With the setting "set enforce-ipsec disabled":

- When I leave the IPsec type as Automatic on the native Windows client, the connection is established but with no encryption, only ms-chap-2.

- When I choose L2TP/IPsec with pre-shared key on the native Windows client and then enter the key, the connection is established with IPsec encryption 3des.

- If I change the L2TP settings on the FortiGate to "set enforce-ipsec enabled", I can no longer connect either way.

vsahu

Can you take the debug and reproduce the issue for all the scenarios?

 

diagnose debug reset
diagnose debug disable

diagnose debug application ike -1

diagnose debug application l2tp -1

diagnose debug enable


Regards,
Vishal