Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Albimatta
New Contributor

Client VPN IPSEC with FortiClient fail

Hi at all,

I create a VPN IPSEC for FortiClient:

Screenshot 2023-10-27 115724.pngScreenshot 2023-10-27 115752.pngScreenshot 2023-10-27 115812.pngScreenshot 2023-10-27 115852.png
And this is the client configuration:
Screenshot 2023-10-27 120421.png
But the connection fail every time
 
I have enabled the debug log:

ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....
ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0
ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044E
ike 0:2b2bdae897a15850/0000000000000000:7007: responder: aggressive mode get 1st message...
ike 0:2b2bdae897a15850/0000000000000000:7007: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100
ike 0:2b2bdae897a15850/0000000000000000:7007: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:2b2bdae897a15850/0000000000000000:7007: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448
ike 0:2b2bdae897a15850/0000000000000000:7007: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
ike 0:2b2bdae897a15850/0000000000000000:7007: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
ike 0:2b2bdae897a15850/0000000000000000:7007: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:2b2bdae897a15850/0000000000000000:7007: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF
ike 0:2b2bdae897a15850/0000000000000000:7007: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E
ike 0::7007: peer identifier IPV4_ADDR 192.168.111.106
ike 0: IKEv1 Aggressive, comes ClientIP:1011->FortiGateIPWAN 8
ike 0:2b2bdae897a15850/0000000000000000:7007: negotiation result
ike 0:2b2bdae897a15850/0000000000000000:7007: proposal id = 1:
ike 0:2b2bdae897a15850/0000000000000000:7007: protocol id = ISAKMP:
ike 0:2b2bdae897a15850/0000000000000000:7007: trans_id = KEY_IKE.
ike 0:2b2bdae897a15850/0000000000000000:7007: encapsulation = IKE/none
ike 0:2b2bdae897a15850/0000000000000000:7007: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:2b2bdae897a15850/0000000000000000:7007: type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:2b2bdae897a15850/0000000000000000:7007: type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:2b2bdae897a15850/0000000000000000:7007: type=OAKLEY_GROUP, val=MODP1536.
ike 0:2b2bdae897a15850/0000000000000000:7007: ISAKMP SA lifetime=86400
ike 0:2b2bdae897a15850/0000000000000000:7007: SA proposal chosen, matched gateway IPSEC Site
ike 0:IPSEC Site: created connection: 0x8a93f90 8 FortiGateIPWAN->ClientIP:1011.
ike 0:IPSEC Site: HA start as master
ike 0:IPSEC Site:7007: DPD negotiated
ike 0:IPSEC Site:7007: XAUTHv6 negotiated
ike 0:IPSEC Site:7007: peer supports UNITY
ike 0:IPSEC Site:7007: enable FortiClient license check
ike 0:IPSEC Site:7007: enable FortiClient endpoint compliance check, use 169.254.1.1
ike 0:IPSEC Site:7007: selected NAT-T version: RFC 3947
ike 0:IPSEC Site:7007: cookie 2b2bdae897a15850/49b30d437196aa60
ike 0:IPSEC Site:7007: ISAKMP SA 2b2bdae897a15850/49b30d437196aa60 key 32:535E22C25C951B195F4E010D9B549FBF58CF32044CA6EC6D588076F7C961A751
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (agg_r1send): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (P1_RETRANSMIT): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....
ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0
ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044E
ike 0:IPSEC Site:7007: retransmission, re-send last message
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (retransmit): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....
ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0
ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044E
ike 0:IPSEC Site:7007: retransmission, re-send last message
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (retransmit): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (P1_RETRANSMIT): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....
ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0
ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044E
ike 0:IPSEC Site:7007: retransmission, re-send last message
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (retransmit): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike shrank heap by 151552 bytes
ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000
ike 0:IPSEC Site:7007: sent IKE msg (P1_RETRANSMIT): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60
ike shrank heap by 4096 bytes
ike 0:IPSEC Site:7007: negotiation timeout, deleting
ike 0:IPSEC Site: connection expiring due to phase1 down
ike 0:IPSEC Site: deleting
ike 0:IPSEC Site: deleted

 

 

I tried with two different clients connection with the same result, and the client are not behind firewall.

 

I cannot identify the problem, so i ask help

Thank you

 

 

 

1 Solution
ezhupa

Hello Albimatta, 

It seems that your scenario matches an issue on another forum post:
https://community.fortinet.com/t5/Support-Forum/Can-t-connect-to-IPsec-VPN-in-Windows-11/m-p/204876
It looks to be a Windows 11 Ethernet driver issue. Try downgrading to Win10 Realtek 10.54 driver version.
Realtek PCIe FE / GBE / 2.5G / Gaming Ethernet Family Controller Software - REALTEK

It seems that this solution has helped other community members solve a similar issue to yours. 
Give it a try and let us know if that same solution works for you also. 

View solution in original post

4 REPLIES 4
ezhupa
Staff
Staff

Hello Albimatta,

From the debug you have added it seems that Phase2 is not being established and FCT is not responding to the packets FGT is sending.  FGT receives no reply and when the negotiation timeouts has no choice but to flush the tunnel.
Are you using the free version of FortiClient? 
What version are you using? 
Can you also share phase2 settings on the FCT side? 
Is there any error observed on the FCT when you try to connect? 

Are you using Windows10/11? 
I would suggest trying a different version of FCT and maybe reinstalling it. 

You could also try to reconfigure the tunnel following the below KB if no documentation was followed:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-dial-up-full-tunnel-with-FortiClient...

Hope this helps.

Albimatta

Hello thank you for your fast response!

 

Yes i use the Free Version of the FortiClient

The version is: 7.0.7.0345

 

The Phase 2 on Fortigate and FortiCLient:

phase2.pngphase2fc.png

 

The Error is the form Screenshot 2023-10-27 120609.png :

 

My Operative System is Windows11

I have already tried to reinstalling without success, also with a new version

i forgot before to told that antivirus/software firewall are disable

 

also, the articles described all the things that i've done, except for the full tunnel option but i want to set a split tunnel configuration, i have already seen that KB

 

Thanks

ezhupa

Hello Albimatta, 

It seems that your scenario matches an issue on another forum post:
https://community.fortinet.com/t5/Support-Forum/Can-t-connect-to-IPsec-VPN-in-Windows-11/m-p/204876
It looks to be a Windows 11 Ethernet driver issue. Try downgrading to Win10 Realtek 10.54 driver version.
Realtek PCIe FE / GBE / 2.5G / Gaming Ethernet Family Controller Software - REALTEK

It seems that this solution has helped other community members solve a similar issue to yours. 
Give it a try and let us know if that same solution works for you also. 

Albimatta

I confirm that the problem is the Ethernet driver, crazy things i assume, but work well now, thank you again for your troubleshooting

Top Kudoed Authors