Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎01-09-2006 02:25 PM

FortiClient and CiscoVPN client

Hello, I' ve ran into a problem where FortiClient and the Cisco VPN client, when installed on the same machine, drop all network interfaces (don' t show up in ipconfig, etc). If I reset the LSPs, winsock, etc...the interfaces come back. I' d like to know if any of you have noticed this problem and if so if you know of a work around. I' m running " vpnclient-win-is-4.8.00.0440-k9.exe" for Cisco VPN client and FortiClient " FortiClientSetup_2.0.148.exe" . The FortiClient is installed w/o anything but the VPN portion installed (no AV, Firewall, webfilter). Thanks
6771
0 Kudos
25 REPLIES 25
Not applicable

Created on ‎01-10-2006 02:52 AM

There' s is one golden rule in VPN IPsec clients.... Install only ONE.... otherwise you will run into problems.... Cheers, Eric
2577
0 Kudos
mhe
Contributor II
In response to

Created on ‎01-10-2006 06:43 AM

I had absolutely the same problems! Sometimes, a system restore will help... I resolved this by using Virtual PC and installing one VPN Client in a virtual machine... If you' ve found a VPN Client for both systems, I would be very interessted in that.. ;-) regards, martin
2576
0 Kudos
Not applicable

Created on ‎01-10-2006 07:48 AM

1) Why do they not interoperate? 2) I' ve managed to " fix" it by reinstalling winsock as well as resetting LSPs. Then installing the drivers for the NICs again. 3) Wish they had a linux client that was written correctly for Fortinet.
2576
0 Kudos
freaky
New Contributor

Created on ‎01-20-2006 12:23 AM

I believe that because the way IPSec works there will be modifications/hooks into the tcp/ip stack. Multiples of these would causes conflicts. There is no linux FortiClient. However, I got FortiGate <--> Smoothwall IPSec running quite easily. Smoothwall uses FreeSWAN if I' m not mistaken, so it should be possible for you to connect to your fortigate using that. Believe there are posts on it somewhere.
2576
0 Kudos
UkWizard
New Contributor

Created on ‎01-20-2006 04:22 AM

A lot of the vpn clients use the same software to tap into the interface layer. So if you install two that are using the same method, you will get problems. If you also have two clients that dont use the same method, and they are both switched on in the interface, this will also cause problems. (like blue screens). Therefore, if you want to run two, you can get away with it if they are using different methods, for example, if you have a forticlient vpn and a checkpoint VPN (they use their own method) then as long as you disable the feature in the interface ONE AT A TIME (ie untick one, click apply, then click the other and apply) then you can get away with it usually. if you dont apply one change before the other, the machine normally blue screens !!!
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
2576
0 Kudos
weinsjs
New Contributor

Created on ‎03-18-2006 09:32 AM

I have run into this same exact problem. Cisco and FortiClient. Could you please explain the steps to recover the interfaces. (Describe the steps to reinstall Winsock and the LSPs - is that local security policies or what?) Thanks
2576
0 Kudos
Not applicable

Created on ‎03-18-2006 01:20 PM

Go back to a previous restore point can do the trick. Cheers, Eric
2576
0 Kudos
weinsjs
New Contributor

Created on ‎03-18-2006 02:47 PM

Thanks Eric. I think I will try that first once I get onsite. If that does not work, I will try what after hours support said - LSPfix.exe from: http://www.cexx.org/lspfix.htm If I still have no success, I will follow these instructions: http://support.microsoft.com/kb/811259 For those (like me) who didn' t know what LSP stands for, it is Layered Service Provider. It is a real shame that the FortiClient install routine doesn' t search for key known other softwares/VPN clients for compatibility issues. True, you can' t search for every one; however, you could look for the top ten. Remember when XP SP2 came out ...they couldn' t list every software that wouldn' t work with it; but, they did have check for some. Hopefully, when FortiClient 3.0 comes out, it will incorporate this function and the uninstall routine will have the LSPfix built-in. Thanks
2576
0 Kudos
Not applicable

Created on ‎03-18-2006 09:29 PM

Personally, I think it is a crock that there isn' t a way for Windows XP to support multiple VPN clients at the same time. I could understand not having more than one active VPN connection due to port requirements, but the software itself should be able to coexist on an individual machine. It may be a limitation to some windows APIs, or poorly written code on behalf of the VPN client vendors out there. The answer that it can' t be done is not acceptable in today' s environment. One way or another, possibly with the help/cooperation of Micro$oft themselves, it would be possible to get this sort of software to play nicely together. From a network administrator standpoint, who will likely face multiple vendor' s VPN client software out there in heterogeneous networks, it is a nightmare waiting for one to come across. When I had the issue, I asked Fortinet to at least check for the known VPN clients out there (I would imagine Cisco is at least in the top ten)...shouldn' t take much more than parsing through some registry entries I wouldn' t think and would save a lot of people time. BTW, the only way I' ve found to completely clear the system up is to format/reload, else you get " sticky" entries in device manager referencing " Fortidrv - Miniport" . Systems do seem to function fine otherwise. At least this has been my experience....if anyone knows an easier way to get rid of them, I' d appreciate you sharing it with the rest of us in the forum. Also...FYI, this sort of thing does rear its ugly head if you install FortClient first on a new install of the OS, then install the Cisco VPN software...so it would probably take all the VPN client vendors out there to take the initiative to fix this sort of incompatibility issue. I guess the gist of it is that Fortinet is not the issue here, seems to be an industry/windows problem that should be corrected by all those involved. Perhaps a SSL VPN solution would elevate this sort of issue. I have not researched it, but I know when I first purchased one of their firewalls, there was some discussion from them that they are evidently pursuing the trend. One thing that really bothers me is that there is no mention of this sort of issue in the knowledge base. If someone types in “cisco vpn client”, one of the first hits should be a mention/warning of the ramifications that can happen if you install both on the same system…and the procedures to fix the issue. After contacting Fortinet about the issue, they did provide me with some “special” uninstall programs that at least got the NIC interfaces back (required a reinstall of drivers for the NICs though). I' ve found that the LSP fix sort of programs also let you get the NICs back into working order (also with a reinstall of their respective drivers). Thank you for reading my rant
2576
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.