Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Cannot Access outlook with IPSec VPN

Hi All, I'm having issues accessing Outlook when connected to the IPSec VPN. I can ping the Exchange server by IP and name and access other resources behind the FortiGate, except for this Outlook issue. This was working fine before and stopped after upgrading the firmware. Any solution or workaround is appreciated.
darrencarr
New Contributor II

Hi for_tech, Welcome to the forums. Can you please start by stating the firmware version you were at, and where you are at now (after the upgrade). Also can you please list how you have defined your IPSec configuration, and any policies you have in place controlling the traffic between the IPSec tunnel and the interface your Outlook is behind. Also, how do you access Outlook? Is it OWA over HTTPS?
Fortigate 1000A v4.0,build194,100121 (MR1 Patch 4) Fortianalyzer 800B v4.0,build0130 (MR1 Patch 3)
Not applicable

I have the same problem. Both sides are using FortiGate 80C.
v4.0,build0194,100121 (MR1 Patch 3)
Protection Profile : NO
Traffic Shaping : YES

Ping to the Exchange server is OK. Other services are OK also. Webmail (Exchange) is also OK, but I cannot access Outlook. I found this error message:

    2010-02-25 18:11:52 log_id=0101037132 type=event subtype=ipsec pri=critical fwver=040003 vd="root" msg="IPsec ESP" action="error" rem_ip=219.93.13.94 loc_ip=218.208.16.30 rem_port=500 loc_port=500 out_intf="wan1" cookies="931d7735a1dbb530/559a4123940dce9b" user="N/A" group="N/A" xauth_user="N/A" xauth_group="N/A" vpn_tunnel="KLANG" status=esp_error error_num=Invalid ESP packet detected (replayed packet). spi=19bf5862 seq=00037f8c

    1  2010-02-25 18:25:42 critical ipsec 37132 error IPsec ESP
    2  2010-02-25 18:11:52 critical ipsec 37132 error IPsec ESP
    3  2010-02-25 18:08:02 critical ipsec 37132 error IPsec ESP
    4  2010-02-25 18:07:38 critical ipsec 37132 error IPsec ESP
    5  2010-02-25 17:59:05 critical ipsec 37132 error IPsec ESP
    6  2010-02-25 17:58:20 critical ipsec 37132 error IPsec ESP
    7  2010-02-25 17:47:32 critical ipsec 37132 error IPsec ESP
    8  2010-02-25 17:42:28 critical ipsec 37132 error IPsec ESP
    9  2010-02-25 17:40:18 critical ipsec 37132 error IPsec ESP
    10 2010-02-25 17:34:07 critical ipsec 37132 error IPsec ESP
    11 2010-02-25 17:33:12 critical ipsec 37132 error IPsec ESP
    12 2010-02-25 17:24:07 critical ipsec 37132 error IPsec ESP

----------------------------------------------------------------------
vpn setting - 219.93.13.94

    config vpn ipsec phase1
        edit "FPSP"
            set interface "wan1"
            set proposal 3des-sha1 3des-md5
            set remote-gw 218.208.16.30
            set psksecret ENC ZTJ/Yx89+ErWAqj4oI0tKKjixh72ckt9H3waat/fkk4au+yAJWpc5QOlfKQ/OkyJy/Zk6tz8+Xg8mW6l0OZN4Zo9kY24Lkc8+pCiBaZ2nASeY2B8
        next
    end
    config vpn ipsec phase2
        edit "FPSP"
            set keepalive enable
            set phase1name "FPSP"
            set proposal 3des-sha1 3des-md5
            set dst-subnet 192.1.4.0 255.255.255.0
            set src-subnet 192.1.1.0 255.255.255.0
        next
    end

----------------------------------------------------------------------
vpn setting - 218.208.16.30

    config vpn ipsec phase1
        edit "KLANG"
            set interface "wan1"
            set proposal 3des-sha1 3des-md5
            set remote-gw 219.93.13.94
            set psksecret ENC bEJlGuehE9SgbsZoQJhj25Z6bb3EjGPGDkLnwdrHIE03fcwPXFQglzQLZuVSDSVvpSjdlkBOSR8FDiybs2QM5AXgxAfN7lGsYjSUUqsQ5xAEroar
        next
    end
    config vpn ipsec phase2
        edit "KLANG"
            set keepalive enable
            set phase1name "KLANG"
            set proposal 3des-sha1 3des-md5
            set dst-subnet 192.1.1.0 255.255.255.0
            set src-subnet 192.1.4.0 255.255.255.0
        next
    end

----------------------------------------------------------------------
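What "replayed packet" means on the receiving side, as an added example that is not part of the original post and is not FortiGate code: the sliding-window anti-replay check described in RFC 4303. The 64-packet window and the arrival order are assumptions made for the illustration; it shows that a duplicate and a packet that arrives too far behind the newest one are both discarded.

```python
WINDOW = 64  # assumed window size; the thread does not state the gateway's value


class ReplayWindow:
    """Receiver state for one inbound SA (RFC 4303 style anti-replay)."""

    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (top - i) was already seen

    def check(self, seq):
        """Return 'accept', 'replay' (duplicate) or 'stale' (left of window).

        A real receiver only updates the window after the packet's
        integrity check has passed; that step is omitted here.
        """
        if seq == 0:
            return "stale"                      # ESP sequence numbers start at 1
        if seq > self.top:                      # newer than anything seen: slide
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accept"
        offset = self.top - seq
        if offset >= self.size:
            return "stale"                      # too old to be tracked: dropped
        if self.bitmap & (1 << offset):
            return "replay"                     # same sequence number seen twice
        self.bitmap |= 1 << offset              # late but inside the window
        return "accept"


def classify(arrivals, size=WINDOW):
    window = ReplayWindow(size)
    return [(seq, window.check(seq)) for seq in arrivals]


def dropped(arrivals, size=WINDOW):
    return [(s, v) for s, v in classify(arrivals, size) if v != "accept"]


# Constructed arrival order: 1..200 in order, except that 50 and 190 are
# delayed until the end and 195 is delivered a second time.
ARRIVALS = [s for s in range(1, 201) if s not in (50, 190)] + [190, 195, 50]

if __name__ == "__main__":
    print(dropped(ARRIVALS))
```

Packet 190 is late but still inside the window and is accepted; 195 is a true duplicate and 50 is simply too old, and both are dropped.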
Not applicable

Googled a similar problem: http://www.itsyourip.com/Windows/how-to-fix-exchange-outlook-connection-issues-over-ipsec-vpn/
Phuoc_Ngo
New Contributor

Does anybody have a solution for this on FortiGate? The link only references Juniper. Thanks,
Not applicable

1 2010-02-25 18:25:42 critical ipsec 37132 error IPsec ESP
It's something related to the IPsec ESP error.

An IPSec ESP notification. The error_num field contains one of the following:
• esp err generic – Invalid ESP packet detected
• esp err hmacl – Invalid ESP packet detected (HMAC validation failed)
• esp err padding – Invalid ESP packet detected (invalid padding)
• esp err padlen – Invalid ESP packet detected (invalid padding length)

So double check the conf, or you may need to tweak the conf again.

IPSec site-to-site VPN

Define the phase 1 parameters
To define the phase 1 parameters:
- Go to VPN > IPSEC > Phase 1.
- Select Create New, enter the following information, and select OK:
  Gateway Name: Type a name for the remote gateway
  Remote Gateway: Static IP Address
  IP Address: remote FG external IP address
  Mode: Main
  Authentication Method: Preshared Key
  Pre-shared Key: Enter the preshared key.
  Peer Options: Accept any peer ID

Define the phase 2 parameters
- Go to VPN > IPSEC > Phase 2.
- Select Create New, enter the following information and select OK:
  Tunnel Name: Enter a name for the tunnel
  Phase 1: Select the gateway that was defined previously

To define the IP source and destination addresses
- Go to Firewall > Address > Address.
- Select Create New
  Address Name: Enter an address name (source or destination)
  IP Range/Subnet: Enter the IP address of the network
- Create the same for the destination address.

Create a firewall policy from internal (define the created source address) to external (define the destination address) as IPSec with allow inbound and outbound access.
- Apply the settings
- Create the same settings on the second FG

Monitor the IPSec connection and bring it up.

Cheers,
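To see which ESP error a tunnel is actually logging, the event lines can be tallied by tunnel, peer and reason. The parser below is an added example, not part of the original post and not a Fortinet tool; it handles the unquoted, space-containing error_num value seen in the log line posted earlier in the thread. The first sample line is abridged from that post and the others are constructed variants.

```python
import re
from collections import Counter

# A value is either "quoted" or runs up to the next key=, because error_num
# is unquoted and contains spaces.
PAIR = re.compile(r'(\w+)=("[^"]*"|.*?)(?=\s+\w+=|\s*$)')


def parse_event(line):
    """Split one key=value event log line into a dict of fields."""
    return {k: v.strip('" ') for k, v in PAIR.findall(line)}


def esp_reason(event):
    """Reason text for an ESP error event, or None for any other event."""
    if event.get("subtype") != "ipsec" or event.get("status") != "esp_error":
        return None
    m = re.search(r"\(([^)]+)\)", event.get("error_num", ""))
    return m.group(1) if m else "generic"   # no parenthetical: generic error


def tally(lines):
    """Count ESP errors per (tunnel, remote IP, reason)."""
    counts = Counter()
    for line in lines:
        event = parse_event(line)
        reason = esp_reason(event)
        if reason:
            counts[(event.get("vpn_tunnel"), event.get("rem_ip"), reason)] += 1
    return counts


# Abridged from the line posted in the thread (some fields omitted).
POSTED = ('2010-02-25 18:11:52 log_id=0101037132 type=event subtype=ipsec '
          'pri=critical vd="root" msg="IPsec ESP" action="error" '
          'rem_ip=219.93.13.94 loc_ip=218.208.16.30 vpn_tunnel="KLANG" '
          'status=esp_error error_num=Invalid ESP packet detected '
          '(replayed packet). spi=19bf5862 seq=00037f8c')

# Constructed variants for the demonstration, not real log output.
SAMPLE = [
    POSTED,
    POSTED.replace("18:11:52", "18:25:42"),
    POSTED.replace("(replayed packet)", "(HMAC validation failed)"),
    POSTED.replace(" (replayed packet)", ""),
]

if __name__ == "__main__":
    for key, n in tally(SAMPLE).most_common():
        print(n, *key)
```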
Phuoc_Ngo
New Contributor

Site to site VPN works perfectly fine. The only problem we encounter is with dial-up VPN. Everything works perfectly fine, with the exception that the Outlook client can't communicate with the Exchange server.
Not applicable

Ah, can you please check the split tunneling for the IPsec mobile VPN? Sounds like there is something that is not communicating with the SMTP server. Have you recently changed the SMTP server settings, something like isolating SMTP from the current network?
Phuoc_Ngo
New Contributor

We don't use split tunnel mode. Also, there is no change to the settings on the Exchange server. The only change is that we upgraded to 4.0 MR1 patch3 (194). All traffic seems to work well under this firmware, with the exception of the Outlook client.
Not applicable

I believe that you can ping the Exchange server from the IPsec VPN. While upgrading the firmware, did you follow the release notes? Have you tried to revert the firmware to the previous version?