Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MISLuke
New Contributor

Cisco VPN with fortinet 200B

Hi, I am trying to setup a cisco vpn client version 5 to communciate with my fortinet 200B. But i get this error " negotiation failure ike Negotiate SA Error: ike ike [1074] ike 0:ciscovpn:15: no SA proposal chosen no SA proposal chosen" my phase 1 setup is 3DES-SHA1, group 5, xauth " enable as server" my phase 2 setup is 3DES-SHA1, group 2, enable replay, enable pfs. dialup clients are using 192.168.254.1-100 with subnet mask 255.255.255.0 internal lan is 192.168.10x.x with subnet mask 255.255.252.0 public ip of firewall is 202.x.x.x and able to ping and access https from internet to the public ip of firewall
Luke Low
Luke Low
22 REPLIES 22
MISLuke
New Contributor

I can only ping to .104.5 & 104.17. 104.206 is dead. that should not be happening as my firewall policy opens to the entire range of 104.0/22 from the log, POP3 seems to be working but there is no pop up to key in password when i use my thunderbird. Am I missing something here on cisco vpn on fortigate?
Luke Low
Luke Low
ede_pfau
Esteemed Contributor III

Check the host with IP .104.206 for personal firewall settings. This is for 99% not firewall related. Same with POP3: can you get mails? Have you deleted the (presumably) stored password in TB?

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
MISLuke

For POP3 I cannot get any emails. And no I do not stored the password inside TB. I have to key in every time i on TB. As for the host 104.206, if I log in via PPTP, there is no issues. I forgot to mention that i am running split tunneling.
Luke Low
Luke Low
Top Kudoed Authors