Hi,
I have created a VPN for the native Windows client. During setup I chose a subnet range for the client; now I need to change that setting, but I don't see it in the tunnel settings. Even in the CLI I don't see it. Where is it applied?
Router (VPN_ipsec) # get
name : VPN_ipsec
type : dynamic
interface : port24
ip-version : 4
ike-version : 1
local-gw : 0.0.0.0
keylife : 86400
authmethod : psk
mode : main
peertype : any
net-device : disable
exchange-interface-ip: disable
mode-cfg : disable
proposal : aes256-md5 3des-sha1 aes192-sha1
add-route : enable
localid :
localid-type : auto
negotiate-timeout : 30
fragmentation : enable
ip-fragmentation : post-encapsulation
dpd : on-demand
forticlient-enforcement: disable
comments : VPN:
npu-offload : enable
dhgrp : 2
suite-b : disable
wizard-type : dialup-windows
xauthtype : disable
idle-timeout : disable
ha-sync-esp-seqno : enable
auto-discovery-sender: disable
auto-discovery-receiver: disable
auto-discovery-forwarder: disable
nattraversal : enable
rekey : enable
enforce-unique-id : disable
fec-egress : disable
fec-ingress : disable
default-gw : 0.0.0.0
default-gw-priority : 0
tunnel-search : selectors
psksecret : *
keepalive : 10
distance : 15
priority : 0
dpd-retrycount : 3
dpd-retryinterval : 20
This is strange. With the setting "set enforce-ipsec disabled":
- When I leave the IPsec type as Automatic on the Windows native client, the connection is established, but with no encryption, only ms-chap-2.
- When I choose L2TP/IPsec with pre-shared key as the IPsec type on the native Windows client and then insert the key, the connection is established with IPsec encryption 3DES.
- If I change the L2TP settings on the FortiGate to "set enforce-ipsec enabled", I can no longer connect either way.
Can you take the debug and reproduce the issue for all the scenarios?
diagnose debug reset
diagnose debug disable
diagnose debug application ike -1
diagnose debug application l2tp -1
diagnose debug enable