Hi,
on one of my remote laptops (windows 10 pro x64) after dialup IPSec connection incorrect route is created:
In this situation (bottom picture) when forticlient is connected, there is no internet access or servers (behind FortiGate) access.
The IPSec tunnel "split tunnel" option is checked.
There are no issues on other remote clients using the same tunnel.
There is still an issue when I create a second connection on this laptop using another tunnel settings.
The client using FortiClient 5.4.4.0890_x64 but I also tried on 5.6.0.1075_x64 - same issue.
The Fortigate runs on v5.4.5,build1138 (GA)
Can anybody help?
FGT60B, FGT100A, FGT100D
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are you sure the client user name is in the same user group with the other working clients? Then you need to run ike debug by specifying the outside IP of the client environment.
diag debug reset
diag vpn ike log-filter dst-addr4 [OUTSIDE_IP]
diag debug app ike -1
diag debug ena
Thank you for the answer.
Before that I decided to uninstall version 5.6 and one more time install 5.4.
I typed the configuration one more time and this time it started working properly. I was pretty sure the configuration was always the same, because the only thing I could do wrong was credentials, but in this case I would not be able to connect. Strange ...
FGT60B, FGT100A, FGT100D
If the config on the FG for IPSec is wrong, all clients would fail not only one particular. Every time you upgrade/downgrade firmware I would backup the entire config so that you can "diff" when you come back to the same major version of the firmware whatever the reason is.
I meant version of FortiClient. I didn't make any changes on FortiGate because other clients were working OK.
FGT60B, FGT100A, FGT100D
I would still suggest check difference between FortiClient config on 5.6.0 and 5.4. Config. they should be the same except some new standard features like vulnerability scan, which I disabled because I haven't learned what it exactly does yet. By the way, 5.4 FC is significantly slower than 5.6.0 or 5.2 based on our SSL VPN performance test. Its improvement was mentioned in 5.6.0 release notes. We haven't tested with IPSec VPN though.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.