Error code -56 when trying to set L2TP/IPsec using Cookbook 507

jltrepanier · ‎05-06-2014

Trying to Configuer my FortiGate 60D unit as an L2TP/IPsec server using the latess Cookbook 507 I get to CLI Console editing Phase2 step and at the end I get ' phase1name' must be set. Message from Console: FGT60D4614000741 (L2TP_P2) # show config vpn ipsec phase2 edit " L2TP_P2" set proposal 3des-sha1 aes128-sha1 set encapsulation transport-mode next end FGT60D4614000741 (L2TP_P2) # end node_check_object fail! for phase1name Attribute ' phase1name' MUST be set. Command fail. Return code -56 I follow the cookbook step by step and I can' t find what I missed. Please help

Jean-Luc TrÃ©panier Administrateur rÃ©seau 224 Place d' Youville MontrÃ©al, QuÃ©bec Canada H2Y 2B4 T: 514 849-6291 F: 514 849-9867 jltrepanier@lapointemagne.ca www.lapointemagne.ca

emnoc · ‎05-06-2014

What' s your phase1 name? Please follow this link on my blog for a l2tp-ipsec config that works for android to linux. http://socpuppet.blogspot.com/2013/02/l2tp-setup-fortigate-200b-mr3p12.html

PCNSE

NSE

StrongSwan

jltrepanier · ‎05-06-2014

As per the Cookbook the Phase1 is named L2TP I went to see your blog, *EDIT* but I don' t see anything that pops out as something I may have forgotten. I just spotted something be right back. *EDIT2* Tried to add set phase1name " l2tp_dialupRA01" FGT60D4614000741 (L2TP_P2) # set phase1name " L2TP_P1" entry not found in datasource value parse error before ' L2TP_P1' Command fail. Return code -3

Jean-Luc TrÃ©panier Administrateur rÃ©seau 224 Place d' Youville MontrÃ©al, QuÃ©bec Canada H2Y 2B4 T: 514 849-6291 F: 514 849-9867 jltrepanier@lapointemagne.ca www.lapointemagne.ca

ede_pfau · ‎05-06-2014

hello, as it says: you MUST set the phase1name parameter before entering ' next' . The Cookbook example is twofold: first they describe what to configure in the WebGUI, then you have to enter one additional parameter (' set encapsulation' ) in the CLI - this parameter is not available in the WebGUI. The error message tells me that you have not configured a phase2 in the WebGUI first.

Ede Kernel panic: Aiee, killing interrupt handler!

jltrepanier · ‎05-06-2014

As I said I followed the steps, so yes the gui step was done before the cli config step.

Jean-Luc TrÃ©panier Administrateur rÃ©seau 224 Place d' Youville MontrÃ©al, QuÃ©bec Canada H2Y 2B4 T: 514 849-6291 F: 514 849-9867 jltrepanier@lapointemagne.ca www.lapointemagne.ca

jltrepanier · ‎05-06-2014

Here are the screen shots of the GUI: 1/2

Jean-Luc TrÃ©panier Administrateur rÃ©seau 224 Place d' Youville MontrÃ©al, QuÃ©bec Canada H2Y 2B4 T: 514 849-6291 F: 514 849-9867 jltrepanier@lapointemagne.ca www.lapointemagne.ca

jltrepanier · ‎05-06-2014

Here are the screen shots of the GUI: 2/2

Jean-Luc TrÃ©panier Administrateur rÃ©seau 224 Place d' Youville MontrÃ©al, QuÃ©bec Canada H2Y 2B4 T: 514 849-6291 F: 514 849-9867 jltrepanier@lapointemagne.ca www.lapointemagne.ca

ede_pfau · ‎05-06-2014

From the screenshot I see that your phase1 was created in ' Interface Mode' . Your phase2 (as per CLI) is not in ' Interface Mode' but ' Policy Mode' . You cannot mix both VPN types. Unfortunately, one cannot change the ' Mode' after creation. Delete phase2 and phase1 and recreate phase1, disable ' Interface Mode' check box, and proceed as before.

Ede Kernel panic: Aiee, killing interrupt handler!

jltrepanier · ‎05-06-2014

Thanks Ede_pfau that was it.

Jean-Luc TrÃ©panier Administrateur rÃ©seau 224 Place d' Youville MontrÃ©al, QuÃ©bec Canada H2Y 2B4 T: 514 849-6291 F: 514 849-9867 jltrepanier@lapointemagne.ca www.lapointemagne.ca

ede_pfau · ‎05-06-2014

Ede Kernel panic: Aiee, killing interrupt handler!

Error code -56 when trying to set L2TP/IPsec using Cookbook 507

Nominate a Forum Post for Knowledge Article Creation