Hello,
We just changed a FG cluster and we have FG90G with 7.4.7. I know that 7.4.8 does not support SSL VPN anymore, so I guess we have no other option than changing from SSL VPN to IPSec.
I am trying to build up the IPSec connection the same way as the SSL VPN, but I can't connect. Of course a standard IPSec DialUp connection is easy and always works, but since we have a lot of Groups and I want to control them with Policies, I don't get it running.
Incoming Interface is clear, the same, and I know that it doesn't block any traffic
Client address range I use the same object SSL VPN range
Accessible Networks all since I also have to route them to Azure and our VPNs (like SSL VPN)
PSK I checked many times, this is 100% correct
XAUTH Inherit from Policy
So in the IPSec to LAN policy I just copied from SSL VPN the same range and my TEST User, destination and service all.
I try to connect, but in the Client I get a failure of wrong credentials and then "VPN connection failed, check configuration and network". With Diag Sniffer on the FG and my public IP I see incoming UDP 500 and 4500 but nothing more.
In the FG I get Action negotiate, Status failure, Result XAUTH authentication failed
When I change the XAUTH and put a user Group with my Test User, I get another failure: delete IPsec phase 1 SA
Am I missing something since this was always an easy task?
Thanks!
I just checked it and while debugging it I tried with my Local User and it would not work, but my LDAP user works just fine...so I think this is solved!
Thanks!