fabs
New Contributor III

FortiGate 7.6.1 - FortiClientVPN - IPsec SAML - Windows 11 24H2 - no incoming traffic

Hello all,

I have a problem with IPsec SAML under Windows 11 24H2 with FortiClientVPN 7.4.1.1736 free version.

The connection is established, but I don't see any bytes for incoming traffic. Therefore the routing in the internal VLAN does not work, and the routing to the outside does not work either.

The same tunnel works perfectly with the FortiClientVPN 7.4.2.0151 and the same SAML user on the iOS iPhone 15 Pro, except for the fact that I have to exclude the SAML application from my Microsoft CA compliant device policy.

Here is the debug of the VPN connection.

100f_serverroom # diag debug reset

100f_serverroom # diag debug console timestamp en

100f_serverroom # diag vpn ike log filter name "XXXXXX IPsec"

100f_serverroom # diag debug application ike -1
Debug messages will be on for 30 minutes.

100f_serverroom # diag debug enable

100f_serverroom # 2024-12-10 11:36:43.276210 ike V=root:0: comes 34.199.9.216:500->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=76....
2024-12-10 11:36:43.276339 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c87c0c2ee891eeb5/0d86f6dc7c1926d8:0000006a len=76
2024-12-10 11:36:43.276379 ike 0: in C87C0C2EE891EEB50D86F6DC7C1926D82E2025080000006A0000004C0000003056374A2DDDD0DF45A3569507C0D2E64885DE998FE60CB2D93C46C6C3A9C25B2CE030E6178C6D973FBFF62D0D
2024-12-10 11:36:43.937654 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=409....
2024-12-10 11:36:43.937774 ike V=root:0: IKEv2 exchange=SA_INIT id=c1ed4e56aa50b2a2/0000000000000000 len=409
2024-12-10 11:36:43.937922 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: responder received SA_INIT msg
2024-12-10 11:36:43.937970 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF
2024-12-10 11:36:43.938015 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E
2024-12-10 11:36:43.938060 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: VID Forticlient EAP Extension C1DC4350476B98A429B91781914CA43E
2024-12-10 11:36:43.938106 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: received notify type VPN_NETWORK_ID
2024-12-10 11:36:43.938149 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: NETWORK ID : 0
2024-12-10 11:36:43.938203 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: incoming proposal:
2024-12-10 11:36:43.938246 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: proposal id = 1:
2024-12-10 11:36:43.938279 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:   protocol = IKEv2:
2024-12-10 11:36:43.938312 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:      encapsulation = IKEv2/none
2024-12-10 11:36:43.938347 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=ENCR, val=AES_CBC (key_len = 128)
2024-12-10 11:36:43.938381 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=INTEGR, val=AUTH_HMAC_SHA_96
2024-12-10 11:36:43.938415 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=PRF, val=PRF_HMAC_SHA
2024-12-10 11:36:43.938450 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=DH_GROUP, val=MODP1536.
2024-12-10 11:36:43.938492 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: proposal id = 2:
2024-12-10 11:36:43.938525 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:   protocol = IKEv2:
2024-12-10 11:36:43.938558 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:      encapsulation = IKEv2/none
2024-12-10 11:36:43.938592 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=ENCR, val=AES_CBC (key_len = 256)
2024-12-10 11:36:43.938626 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-12-10 11:36:43.938660 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=PRF, val=PRF_HMAC_SHA2_256
2024-12-10 11:36:43.938693 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=DH_GROUP, val=MODP1536.
2024-12-10 11:36:43.938752 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: matched proposal id 2
2024-12-10 11:36:43.938795 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: proposal id = 2:
2024-12-10 11:36:43.938828 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:   protocol = IKEv2:
2024-12-10 11:36:43.938860 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:      encapsulation = IKEv2/none
2024-12-10 11:36:43.938894 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=ENCR, val=AES_CBC (key_len = 256)
2024-12-10 11:36:43.938928 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2024-12-10 11:36:43.938977 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=PRF, val=PRF_HMAC_SHA2_256
2024-12-10 11:36:43.939006 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459:         type=DH_GROUP, val=MODP1536.
2024-12-10 11:36:43.939036 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: lifetime=86400
2024-12-10 11:36:43.939074 ike V=root:0:c1ed4e56aa50b2a2/0000000000000000:459: SA proposal chosen, matched gateway XXXXXX IPsec
2024-12-10 11:36:43.939125 ike V=root:0:XXXXXX IPsec:XXXXXX IPsec: created connection: 0x5561e3d8c0 7 xx.xx.xx.xx->xxx.xx.xxx.xx:24037.
2024-12-10 11:36:43.939183 ike V=root:0:XXXXXX IPsec:459: FEC vendor ID received FEC but IP not set
2024-12-10 11:36:43.939214 ike 0:XXXXXX IPsec:459: FCT EAP 2FA extension vendor ID received
2024-12-10 11:36:43.939297 ike V=root:0:XXXXXX IPsec:459: responder preparing SA_INIT msg
2024-12-10 11:36:43.940519 ike V=root:0:XXXXXX IPsec:459: create NAT-D hash local xx.xx.xx.xx/500 remote xxx.xx.xxx.xx/24037
2024-12-10 11:36:43.940727 ike V=root:0:XXXXXX IPsec:459: sent IKE msg (SA_INIT_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=352, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5, oif=7
2024-12-10 11:36:43.940887 ike 0:XXXXXX IPsec:459: IKE SA c1ed4e56aa50b2a2/01d9466943a4a7d5 SK_ei 32:14777F25B97BCCD196D4A8D72E8F9E296C75B36695B8C164E484474BD5F4A991
2024-12-10 11:36:43.940929 ike 0:XXXXXX IPsec:459: IKE SA c1ed4e56aa50b2a2/01d9466943a4a7d5 SK_er 32:8F9481682381EDFCBCA8FA47E5C64F34E21FE5D3252F80D3589DBCA7C6983E58
2024-12-10 11:36:43.940967 ike 0:XXXXXX IPsec:459: IKE SA c1ed4e56aa50b2a2/01d9466943a4a7d5 SK_ai 32:E15AA0346C100039BD4BEC20C4D8858525D0877C6A8B64413E3578D88A3580C9
2024-12-10 11:36:43.941018 ike 0:XXXXXX IPsec:459: IKE SA c1ed4e56aa50b2a2/01d9466943a4a7d5 SK_ar 32:AAA13474C3C9C96A3366546F59EABBF8A2BC0D445F7A0E0FCED9B01FEEB36CAA
2024-12-10 11:36:43.987008 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=640....
2024-12-10 11:36:43.987099 ike V=root:0: IKEv2 exchange=AUTH id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000001 len=640
2024-12-10 11:36:43.987398 ike V=root:0:XXXXXX IPsec:459: responder received AUTH msg
2024-12-10 11:36:43.987433 ike V=root:0:XXXXXX IPsec:459: processing notify type INITIAL_CONTACT
2024-12-10 11:36:43.987504 ike V=root:0:XXXXXX IPsec:459: processing notify type FORTICLIENT_CONNECT
2024-12-10 11:36:43.987556 ike V=root:0:XXXXXX IPsec:459: received FCT data len = 309, data = 'VER=1
FCTVER=7.4.1.1736
UID=6A2C9AED215C4D2F820847A7DE396BF2
IP=192.168.52.70
MAC=c8-b2-9b-88-67-46;c8-b2-9b-88-67-42;c8-b2-9b-88-67-43;ca-b2-9b-88-67-42;84-b5-93-59-47-40;
HOST=VTE-PC-054
USER=6A2C9AED215C4D2F820847A7DE396BF2
OSVER=Microsoft Windows 11 Enterprise Edition, 64-bit (build 22631)
REG_STATUS=0
'
2024-12-10 11:36:43.987648 ike V=root:0:XXXXXX IPsec:459: received FCT-UID : 6A2C9AED215C4D2F820847A7DE396BF2
2024-12-10 11:36:43.987680 ike V=root:0:XXXXXX IPsec:459: received EMS SN :
2024-12-10 11:36:43.987711 ike V=root:0:XXXXXX IPsec:459: received EMS tenant ID :
2024-12-10 11:36:43.987745 ike V=root:0:XXXXXX IPsec:459: peer identifier IPV4_ADDR 192.168.52.70
2024-12-10 11:36:43.987778 ike V=root:0:XXXXXX IPsec:459: re-validate gw ID
2024-12-10 11:36:43.987823 ike V=root:0:XXXXXX IPsec:459: gw validation OK
2024-12-10 11:36:43.987859 ike V=root:0:XXXXXX IPsec:459: responder preparing EAP identity request
2024-12-10 11:36:43.988068 ike 0:XXXXXX IPsec:459: enc 2700000C01000000515A25623000002802000000157F6FB30F6E06277550958D4B2E3FDB3376601E4C0411631298B1F3320611E1000000090102000501020102
2024-12-10 11:36:43.988151 ike 0:XXXXXX IPsec:459: out C1ED4E56AA50B2A201D9466943A4A7D52E2023200000000100000080240000644427FEEDDB2F793D8C30BE54FFB9B5D9DF4EF73111D7245E5959C0A72A6E2B2C7AED7BA56F388E4851CEE7D529D0683451722323
A63A2F8F6A36D0F64C29BEEE6F83CE60730DE7276AA1E9B3072D3B70C333E259A9A70111FC9D6D538D3A8175
2024-12-10 11:36:43.988258 ike V=root:0:XXXXXX IPsec:459: sent IKE msg (AUTH_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=128, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000001, oif=7
2024-12-10 11:36:44.026827 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=112....
2024-12-10 11:36:44.026935 ike V=root:0: IKEv2 exchange=AUTH id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000002 len=112
2024-12-10 11:36:44.026968 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E202308000000020000007030000054D200243699A799962ED3823B560AE84E8AFE187C3CE53CDACCBC820196674897A38B19BACFFD7D0B890695810321522877234C407D61F125E197234FFB
7B2BC1813EC31F8424C82731D5EA4AD7BDDE7B
2024-12-10 11:36:44.027094 ike 0:XXXXXX IPsec:459: dec C1ED4E56AA50B2A201D9466943A4A7D52E2023080000000200000049300000040000002902020025013641324339414544323135433444324638323038343741374445333936424632
2024-12-10 11:36:44.027133 ike V=root:0:XXXXXX IPsec:459: responder received EAP msg
2024-12-10 11:36:44.027166 ike V=root:0:XXXXXX IPsec:459: send EAP message to FNBAM
2024-12-10 11:36:44.027196 ike V=root:0:XXXXXX IPsec:459: initiating EAP authentication
2024-12-10 11:36:44.027228 ike V=root:0:XXXXXX IPsec: EAP user "6A2C9AED215C4D2F820847A7DE396BF2"
2024-12-10 11:36:44.027258 ike V=root:0:XXXXXX IPsec: auth group AAD-IPSEC-VPN-USERS
2024-12-10 11:36:44.027360 ike V=root:0:XXXXXX IPsec: EAP 1400352022681 pending
2024-12-10 11:36:44.029211 ike V=root:0:XXXXXX IPsec:459 EAP 1400352022681 result FNBAM_CHALLENGED
2024-12-10 11:36:44.029303 ike V=root:0:XXXXXX IPsec: EAP challenged for user "6A2C9AED215C4D2F820847A7DE396BF2"
2024-12-10 11:36:44.029341 ike V=root:0:XXXXXX IPsec:459: responder preparing EAP pass through message
2024-12-10 11:36:44.029391 ike 0:XXXXXX IPsec:459: enc 00000025010300211A0103001C1059E129E2DEC4AA3D51231456D3DD52FE686F73746170640A0908070605040302010A
2024-12-10 11:36:44.029496 ike 0:XXXXXX IPsec:459: out C1ED4E56AA50B2A201D9466943A4A7D52E202320000000020000007030000054FF8CB3A079CD03D36CA2C385BAAE4229FAE1AD2E9E8F56D1DD0D870D965303C77AE6E79B9E8512DCABF92E99CC0FF6CDE42E6404
E36438341DB78756AADC4516702EADC8B6AD80A505563ADA88F47109
2024-12-10 11:36:44.029583 ike V=root:0:XXXXXX IPsec:459: sent IKE msg (AUTH_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=112, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000002, oif=7
2024-12-10 11:36:44.062767 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=160....
2024-12-10 11:36:44.062862 ike V=root:0: IKEv2 exchange=AUTH id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000003 len=160
2024-12-10 11:36:44.062895 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E20230800000003000000A030000084F86F972C0F7C62544EEDB3F7EC761DC75F932B3082956390C8788BE9D0784029B62098536056B59695EB0D3AC153B19F3864783E451C6E8D1C794ED041
94CEBC1EF430F0C11183D18DE611351877DB91910C09E6066B0832DE64179E360B92F05CA03B8E507A5C1FFF8AC629305936494AEDA78EAC247340AAADA5918884EDC8
2024-12-10 11:36:44.063025 ike 0:XXXXXX IPsec:459: dec C1ED4E56AA50B2A201D9466943A4A7D52E202308000000030000007F300000040000005F0203005B1A020300563152D9759362B69158DCA80FD2F5BA98BA00000000000000005A1792A3EF80FFF8D7C1BAD28DEE
65E0EC85DB21AA42310F003641324339414544323135433444324638323038343741374445333936424632
2024-12-10 11:36:44.063071 ike V=root:0:XXXXXX IPsec:459: responder received EAP msg
2024-12-10 11:36:44.063104 ike V=root:0:XXXXXX IPsec:459: send EAP message to FNBAM
2024-12-10 11:36:44.063152 ike V=root:0:XXXXXX IPsec: EAP 1400352022681 pending
2024-12-10 11:36:44.064626 ike V=root:0:XXXXXX IPsec:459 EAP 1400352022681 result FNBAM_CHALLENGED
2024-12-10 11:36:44.064703 ike V=root:0:XXXXXX IPsec: EAP challenged for user "6A2C9AED215C4D2F820847A7DE396BF2"
2024-12-10 11:36:44.064736 ike V=root:0:XXXXXX IPsec:459: responder preparing EAP pass through message
2024-12-10 11:36:44.064790 ike 0:XXXXXX IPsec:459: enc 0000003C010400381A03030033533D46353631464346453039434630413332394236373744424134314233344541363431304339313634204D3D4F4B03020103
2024-12-10 11:36:44.064891 ike 0:XXXXXX IPsec:459: out C1ED4E56AA50B2A201D9466943A4A7D52E202320000000030000008030000064BD39787E3232D09BF681DDBB0121DCDA1F0CB6CF705619F1D489D3592DDD9ABF92CD89D0E0E189920A050348BD100B4EE48DEBAF
8484BBFADBAA596527C83A89CA68354F316A60CFD760EFDF812342BE104C3FEDC65BEF237592AFEF1FA5C22D
2024-12-10 11:36:44.064979 ike V=root:0:XXXXXX IPsec:459: sent IKE msg (AUTH_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=128, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000003, oif=7
2024-12-10 11:36:44.092783 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=80....
2024-12-10 11:36:44.092878 ike V=root:0: IKEv2 exchange=AUTH id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000004 len=80
2024-12-10 11:36:44.092912 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E202308000000040000005030000034ADD216DDBB4086C44A1A467EE8A9C64ED9AA4DA5CA5912945714A7EF5E4ED629D2AE4175DD9BA9F33779B5555A899C8C
2024-12-10 11:36:44.093028 ike 0:XXXXXX IPsec:459: dec C1ED4E56AA50B2A201D9466943A4A7D52E202308000000040000002A300000040000000A020400061A03
2024-12-10 11:36:44.093067 ike V=root:0:XXXXXX IPsec:459: responder received EAP msg
2024-12-10 11:36:44.093100 ike V=root:0:XXXXXX IPsec:459: send EAP message to FNBAM
2024-12-10 11:36:44.093149 ike V=root:0:XXXXXX IPsec: EAP 1400352022681 pending
2024-12-10 11:36:44.094326 ike V=root:0:XXXXXX IPsec:459 EAP 1400352022681 result FNBAM_SUCCESS
2024-12-10 11:36:44.094393 ike V=root:0:XXXXXX IPsec: EAP succeeded for user "6A2C9AED215C4D2F820847A7DE396BF2" group "AAD-IPSEC-VPN-USERS" 2FA=no
2024-12-10 11:36:44.094486 ike V=root:0:XXXXXX IPsec:459: responder preparing EAP pass through message
2024-12-10 11:36:44.094539 ike 0:XXXXXX IPsec:459: enc 00000008030400040706050403020107
2024-12-10 11:36:44.094636 ike 0:XXXXXX IPsec:459: out C1ED4E56AA50B2A201D9466943A4A7D52E202320000000040000005030000034AAF62162C7EB0C23E18EBD27EDDE598A0E51A8FD86A770C706D83B1DAB1A4F54AABC8CA3622235139AE847F99FC15C61
2024-12-10 11:36:44.094714 ike V=root:0:XXXXXX IPsec:459: sent IKE msg (AUTH_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=80, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000004, oif=7
2024-12-10 11:36:44.138755 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=112....
2024-12-10 11:36:44.138852 ike V=root:0: IKEv2 exchange=AUTH id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000005 len=112
2024-12-10 11:36:44.138886 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E202308000000050000007027000054E510561CE9885ABBE8559FB553C9D3CB8C92858F0BB84710B21E965F3BF9BEFE0328DF720673AA1D6C0FC744BB1BDE2BDB1F57281F433B31CE78801504
AE10FF87405347CD20A1142B9476146BF26057
2024-12-10 11:36:44.139013 ike 0:XXXXXX IPsec:459: dec C1ED4E56AA50B2A201D9466943A4A7D52E202308000000050000004827000004000000280200000030DC53D60B6BF9245C88FF5989175A418F7B9F64D6CD8B0FD39E60156E5B5146
2024-12-10 11:36:44.139051 ike V=root:0:XXXXXX IPsec:459: responder received AUTH msg
2024-12-10 11:36:44.139136 ike V=root:0:XXXXXX IPsec:459: auth verify done
2024-12-10 11:36:44.139168 ike V=root:0:XXXXXX IPsec:459: responder AUTH continuation
2024-12-10 11:36:44.139198 ike V=root:0:XXXXXX IPsec:459: authentication succeeded
2024-12-10 11:36:44.139269 ike V=root:0:XXXXXX IPsec:459: responder creating new child
2024-12-10 11:36:44.139328 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 7 request 16:'46435438303032373930393833393531'
2024-12-10 11:36:44.139361 ike V=root:0:XXXXXX IPsec:459: mode-cfg received APPLICATION_VERSION 'FCT8002790983951'
2024-12-10 11:36:44.139392 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 1 request 0:''
2024-12-10 11:36:44.139427 ike V=root:0:XXXXXX IPsec: mode-cfg allocate 10.72.76.61/0.0.0.0
2024-12-10 11:36:44.139458 ike V=root:0:XXXXXX IPsec:459: mode-cfg using allocated IPv4 10.72.76.61
2024-12-10 11:36:44.139487 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 2 request 0:''
2024-12-10 11:36:44.139517 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 3 request 0:''
2024-12-10 11:36:44.139547 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 4 request 0:''
2024-12-10 11:36:44.139576 ike V=root:0:XXXXXX IPsec:459: mode-cfg WINS ignored, no WINS servers configured
2024-12-10 11:36:44.139605 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 13 request 0:''
2024-12-10 11:36:44.139633 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 25 request 0:''
2024-12-10 11:36:44.139662 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 8 request 0:''
2024-12-10 11:36:44.139691 ike V=root:0:XXXXXX IPsec: IPv6 pool is not configured
2024-12-10 11:36:44.139720 ike V=root:0:XXXXXX IPsec:459: mode-cfg could not allocate IPv6 address
2024-12-10 11:36:44.139749 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 15 request 0:''
2024-12-10 11:36:44.139778 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 10 request 0:''
2024-12-10 11:36:44.139807 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 11 request 0:''
2024-12-10 11:36:44.139836 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 11 not supported, ignoring
2024-12-10 11:36:44.139865 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 28673 request 0:''
2024-12-10 11:36:44.139895 ike V=root:0:XXXXXX IPsec:459: mode-cfg UNITY type 28673 requested
2024-12-10 11:36:44.139924 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 21514 request 0:''
2024-12-10 11:36:44.139953 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 21514 requested
2024-12-10 11:36:44.139981 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 21515 request 0:''
2024-12-10 11:36:44.140010 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 21515 requested
2024-12-10 11:36:44.140038 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 28672 request 0:''
2024-12-10 11:36:44.140066 ike V=root:0:XXXXXX IPsec:459: mode-cfg UNITY type 28672 requested
2024-12-10 11:36:44.140095 ike V=root:0:XXXXXX IPsec:459: mode-cfg no banner configured, ignoring
2024-12-10 11:36:44.140123 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 28678 request 0:''
2024-12-10 11:36:44.140152 ike V=root:0:XXXXXX IPsec:459: mode-cfg UNITY type 28678 requested
2024-12-10 11:36:44.140180 ike V=root:0:XXXXXX IPsec:459: mode-cfg type 25 request 0:''
2024-12-10 11:36:44.140225 ike V=root:0:XXXXXX IPsec:459:531: peer proposal:
2024-12-10 11:36:44.140259 ike V=root:0:XXXXXX IPsec:459:531: TSi_0 0:0.0.0.0-255.255.255.255:0
2024-12-10 11:36:44.140292 ike V=root:0:XXXXXX IPsec:459:531: TSr_0 0:0.0.0.0-255.255.255.255:0
2024-12-10 11:36:44.140322 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: comparing selectors
2024-12-10 11:36:44.140355 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: matched by rfc-rule-2
2024-12-10 11:36:44.140385 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: phase2 matched by subset
2024-12-10 11:36:44.140420 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: using mode-cfg override 0:10.72.76.61-10.72.76.61:0
2024-12-10 11:36:44.140452 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: accepted proposal:
2024-12-10 11:36:44.140485 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: TSi_0 0:10.72.76.61-10.72.76.61:0
2024-12-10 11:36:44.140517 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: TSr_0 0:0.0.0.0-255.255.255.255:0
2024-12-10 11:36:44.140548 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: dialup
2024-12-10 11:36:44.140600 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: incoming child SA proposal:
2024-12-10 11:36:44.140631 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: proposal id = 1:
2024-12-10 11:36:44.140661 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:   protocol = ESP:
2024-12-10 11:36:44.140690 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:      encapsulation = TUNNEL
2024-12-10 11:36:44.140721 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         type=ENCR, val=AES_CBC (key_len = 128)
2024-12-10 11:36:44.140750 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         type=INTEGR, val=SHA
2024-12-10 11:36:44.140780 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         type=ESN, val=NO
2024-12-10 11:36:44.140809 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         PFS is disabled
2024-12-10 11:36:44.140844 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: matched proposal id 1
2024-12-10 11:36:44.140872 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: proposal id = 1:
2024-12-10 11:36:44.140902 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:   protocol = ESP:
2024-12-10 11:36:44.140930 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:      encapsulation = TUNNEL
2024-12-10 11:36:44.140960 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         type=ENCR, val=AES_CBC (key_len = 128)
2024-12-10 11:36:44.140990 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         type=INTEGR, val=SHA
2024-12-10 11:36:44.141095 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         type=ESN, val=NO
2024-12-10 11:36:44.141133 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531:         PFS is disabled
2024-12-10 11:36:44.141170 ike V=root:0:XXXXXX IPsec:459:IPSec VPN:531: lifetime=43200
2024-12-10 11:36:44.141254 ike V=root:0:XXXXXX IPsec:459: responder preparing AUTH msg
2024-12-10 11:36:44.141308 ike V=root:0:XXXXXX IPsec: adding new dynamic tunnel for xxx.xx.xxx.xx:24037
2024-12-10 11:36:44.145039 ike V=root:0:XXXXXX IPsec_0:459: sent IKE msg (AUTH_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=336, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000005, oif=7
2024-12-10 11:36:45.603028 ike V=root:0: comes 44.221.5.255:500->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=76....
2024-12-10 11:36:45.603133 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=efc0d18a3dc02ab3/c64ee058a45ecf72:00000097 len=76
2024-12-10 11:36:45.603166 ike 0: in EFC0D18A3DC02AB3C64EE058A45ECF722E202508000000970000004C000000309E635FD5101BE16277451C6DF4A9907176D73E5DBE09D628D646C82D4A541FEC338915D7BB1EF3B9BE40D3C1
2024-12-10 11:36:49.414823 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=80....
2024-12-10 11:36:49.414915 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000006 len=80
2024-12-10 11:36:49.414950 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E202508000000060000005000000034DD1AE9CC6A4DD0B3D3D5CC57CD6FEB582151DBFF0C79A2FE6EC7A28691012B81BE535BD90ED70E9A790F2BE3260A7A49
2024-12-10 11:36:49.415135 ike 0:XXXXXX IPsec_0:459: out C1ED4E56AA50B2A201D9466943A4A7D52E202520000000060000005000000034039AD27F33042472CBAACDFD2354D842067F79F6925E68EE4C4C779A9DDF3EA51AC65863384B3A922F0DCB2E57E2388D
2024-12-10 11:36:49.415217 ike V=root:0:XXXXXX IPsec_0:459: sent IKE msg (INFORMATIONAL_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=80, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000006, oif=7
2024-12-10 11:36:53.275191 ike V=root:0: comes 34.199.9.216:500->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=76....
2024-12-10 11:36:53.275295 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c87c0c2ee891eeb5/0d86f6dc7c1926d8:0000006b len=76
2024-12-10 11:36:53.275329 ike 0: in C87C0C2EE891EEB50D86F6DC7C1926D82E2025080000006B0000004C000000309E217B52E0E4C116D5934E21FA420327118B9056A13819E575BBF891B90165358BCAE8983539BE162E306D17
2024-12-10 11:36:54.508733 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=80....
2024-12-10 11:36:54.508838 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000007 len=80
2024-12-10 11:36:54.508874 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E202508000000070000005000000034E371737C35A60367CEFB8FADB6B0E2ECE355EB6B024CA7A31328992F961A415F62BAFE85E2045092D344217DDC34079A
2024-12-10 11:36:54.509051 ike 0:XXXXXX IPsec_0:459: out C1ED4E56AA50B2A201D9466943A4A7D52E202520000000070000005000000034160084771A7C1012C373B45AAB8A915DA25076C0A01FF29C4C0D64E3551D5BDF5E9D887492898FF1127176C61B914530
2024-12-10 11:36:54.509144 ike V=root:0:XXXXXX IPsec_0:459: sent IKE msg (INFORMATIONAL_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=80, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000007, oif=7
2024-12-10 11:36:55.603257 ike V=root:0: comes 44.221.5.255:500->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=76....
2024-12-10 11:36:55.603365 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=efc0d18a3dc02ab3/c64ee058a45ecf72:00000098 len=76
2024-12-10 11:36:55.603399 ike 0: in EFC0D18A3DC02AB3C64EE058A45ECF722E202508000000980000004C0000003016D22DCF5CBA5AF284E6CD37B3CD0857D50E50B11E05060CEF3832854708559E28310B61AB84B00260BE41CC
2024-12-10 11:36:59.558692 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=80....
2024-12-10 11:36:59.558779 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000008 len=80
2024-12-10 11:36:59.558813 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E202508000000080000005000000034C88843B82C85DC7AB828B9CBB1FE713144BD03208459123C5A59EAD4A818B7FCB84C08A957226001F167321041CF10FB
2024-12-10 11:36:59.558967 ike 0:XXXXXX IPsec_0:459: out C1ED4E56AA50B2A201D9466943A4A7D52E2025200000000800000050000000343FA57A7368C2402D1544F3F87AF9982DBD10BF9F61A1E097036F02038B40B4AFCC7A105AA9F0E50AC716CED0E1E63CBF
2024-12-10 11:36:59.559050 ike V=root:0:XXXXXX IPsec_0:459: sent IKE msg (INFORMATIONAL_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=80, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000008, oif=7
2024-12-10 11:37:02.314572 ike V=root:0: comes xxx.xx.xxx.xx:24037->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=80....
2024-12-10 11:37:02.314676 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000009 len=80
2024-12-10 11:37:02.314711 ike 0: in C1ED4E56AA50B2A201D9466943A4A7D52E20250800000009000000502A000034C5C08505E3DCE38965232B182DF9A2C80F258333AE906A904BE91A283C6DFF5AE41F03A80DE707F79709769AB959F373
2024-12-10 11:37:02.314888 ike 0:XXXXXX IPsec_0:459: out C1ED4E56AA50B2A201D9466943A4A7D52E202520000000090000005000000034EC548327AEFBA84A6BB5033621F66B9BA9BD29844DADC1703A687AE85FC2878BA7F8FE8373C1820C57A96D3586F8AB83
2024-12-10 11:37:02.314993 ike V=root:0:XXXXXX IPsec_0:459: sent IKE msg (INFORMATIONAL_RESPONSE): xx.xx.xx.xx:500->xxx.xx.xxx.xx:24037, len=80, vrf=0, id=c1ed4e56aa50b2a2/01d9466943a4a7d5:00000009, oif=7
2024-12-10 11:37:03.275750 ike V=root:0: comes 34.199.9.216:500->xx.xx.xx.xx:500,ifindex=7,vrf=0,len=76....
2024-12-10 11:37:03.275854 ike V=root:0: IKEv2 exchange=INFORMATIONAL id=c87c0c2ee891eeb5/0d86f6dc7c1926d8:0000006c len=76
2024-12-10 11:37:03.275897 ike 0: in C87C0C2EE891EEB50D86F6DC7C1926D82E2025080000006C0000004C00000030887C2EB295D06B7277C35D049CB9415FC39C32CCF6937A0F26B8B404F9924224B27A1D18C3D6CD534A05EEE5

I have already researched on the internet and tried various things.

-> Disable IPv6 on the WiFi/NIC adapter

-> KB2693643 - but this update is not installed on my device.

-> RSAT is not installed on my device.

Best Regards
fabs

sjoshi
Staff

Hi,

 

So your issue is that the tunnel is connected but you are facing an issue with communication.

 

Take the pcap:

diag sniff packet any 'host x.x.x.x and icmp' 4 0 l >> ping any one of the srv

 

Take a debug flow:

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/54688/debugging-the-packet-f...

Let us know if this helps.
Salon Raj Joshi
fabs
New Contributor III

@sjoshi 
Yes correct, the tunnel is connected.
Regarding the pcap, I can see the incoming and outgoing packets.
10.72.76.61 is the IPsec address of my device and 192.168.10.1 is an address of the internal LAN.

100f_serverroom # diag sniff packet any 'host 10.72.76.61 and icmp' 4 0 l 
interfaces=[any]
filters=[host 10.72.76.61 and icmp]
2024-12-10 14:46:16.000628 ****** IPsec in 10.72.76.61 -> 192.168.10.1: icmp: echo request
2024-12-10 14:46:16.000628 ****** IPsec in 10.72.76.61 -> 192.168.10.1: icmp: echo request
2024-12-10 14:46:16.000883 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-10 14:46:16.000883 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply


 

sjoshi

So one thing you can do is verify if the reply being sent from the FGT is being received on the FCT side. Run the same pcap on the FGT again and, simultaneously, open Wireshark on the PC and select the SSL VPN adapter. It will show whether the packet being sent from the FGT is being received on the PC.

Let us know if this helps.
Salon Raj Joshi
fabs
New Contributor III

@sjoshi 
FGT: 

2024-12-11 10:49:45.914086 VLAN10 in 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-11 10:49:45.914086 VLAN10 in 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-11 10:49:45.914131 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-11 10:49:45.914131 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply

Client:
Screenshot 2024-12-11 110836.png

sjoshi

It seems there is some issue with the FCT, as we see the traffic being sent from the FGT but don't see the same (the reply packet) in Wireshark on the PC.

This could potentially be an issue with v7.4.1 FCT, as you have already verified with another FCT v7.4.2 that it works fine. Can you confirm one thing: did you check on the same PC with the same user where it worked with v7.4.2 FCT?

 

Disable IPv6 >> you have disabled this on the WiFi NIC; can you please disable it for the SSL VPN adapter too?

Let us know if this helps.
Salon Raj Joshi
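
The comparison made in the posts above (how far the ping gets through the FortiGate before the client capture is consulted), as an added example that is not part of the original thread. It parses the `diag sniff packet ... 4` lines posted here; the function names and verdict strings are hypothetical, and the interface name is the masked value from the posts.

```python
import re

# Lines copied from the two FortiGate sniffer captures posted in this thread
# (interface name masked by the poster; the output lists each packet twice).
SAMPLE = """\
2024-12-10 14:46:16.000628 ****** IPsec in 10.72.76.61 -> 192.168.10.1: icmp: echo request
2024-12-10 14:46:16.000628 ****** IPsec in 10.72.76.61 -> 192.168.10.1: icmp: echo request
2024-12-10 14:46:16.000883 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-10 14:46:16.000883 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-11 10:49:45.914086 VLAN10 in 192.168.10.1 -> 10.72.76.61: icmp: echo reply
2024-12-11 10:49:45.914131 ****** IPsec out 192.168.10.1 -> 10.72.76.61: icmp: echo reply
"""

# <timestamp> <interface> <in|out> <src> -> <dst>: icmp: echo <request|reply>
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>.+?) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+): icmp: echo (?P<kind>request|reply)$"
)

def parse(text):
    """Return the unique ICMP echo events found in sniffer output."""
    seen, events = set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m and m.groups() not in seen:
            seen.add(m.groups())
            events.append(m.groupdict())
    return events

def locate_loss(events, client_ip, tunnel_iface):
    """Report how far a ping from the VPN client got through the FortiGate."""
    def saw(kind, direction, on_tunnel):
        peer = "src" if kind == "request" else "dst"
        return any(
            e["kind"] == kind and e["dir"] == direction
            and e[peer] == client_ip
            and (e["iface"] == tunnel_iface) == on_tunnel
            for e in events
        )
    if not saw("request", "in", True):
        return "request never arrived from the tunnel"
    if saw("reply", "out", True):
        return "reply left the FortiGate on the tunnel; check the client side"
    if saw("reply", "in", False):
        return "reply reached the FortiGate but was not sent into the tunnel"
    return "no reply came back from the LAN side"

if __name__ == "__main__":
    print(locate_loss(parse(SAMPLE), "10.72.76.61", "****** IPsec"))
```
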
fabs
New Contributor III

@sjoshi 
I have this problem with FortiClientVPN Windows 7.4.1.1736.
FortiClientVPN iOS 7.4.2.0151 works fine.
As far as I know, there is no FortiClientVPN 7.4.2 for Windows?


I've already tried disabling IPv6 on the WiFi adapter and the Fortinet adapters.
I've already tried with the firewall off, no luck. Further, I've excluded the folder C:\Program Files\Fortinet\FortiClientVPN\ from our Defender Attack Surface Reduction.
 




sjoshi

Hi,

 

I tested in my lab and traffic communication works fine with FCT v7.4.1.

I downloaded the VPN-only FCT from here:

https://www.fortinet.com/support/product-downloads#ztna

 

But my lab PC was Windows 10. I will check on Windows 11 and let you know.

 

Can you also confirm whether you have tested on another machine, and whether the issue is the same for all users or only a specific user?

Let us know if this helps.
Salon Raj Joshi
fabs
New Contributor III

@sjoshi 
Yes, we have this issue on several laptops (Lenovo) and with several users.
I'll test this behavior now with a non-corporate device.

sjoshi

Yes, try to check with a non-domain user.

Further, I tested even on Windows 11 with v7.4.1 and communication is working fine.

Do you have any other endpoint installed on the PC?

Further checks can be done using the FCT diagnostic output:

https://docs.fortinet.com/document/forticlient/7.4.1/administration-guide/748524/diagnostic-tool

Let us know if this helps.
Salon Raj Joshi