Fortigate L2TP IPsec vpn - Windows native
L2tp IPsec vpn configuration using GUI -
Below are the steps I have configured in the FortiGate firewall for L2TP IPsec VPN.
Step 1 - Firstly created a local user, let's suppose - test, password test123.
Step 2 - Created one group, the name of the group vpn_group, and added that local user to vpn_group.
Step 3 - Now I went to the VPN section and, under the VPN section, selected IPsec Wizard.
Name - L2tp_IPsecvpn
Template type - Remote access VPN
Remote device type - Native, then next: Windows Native
Step4 - Authentication
preshared key - test@123
usergroup - vpn_group
Step5 - In Policy & Routing
Local interface - Port2 which is connected to LAN switch
Local address - 50.1.2.0/24
Client address range - 1.1.1.100 - 1.1.1.110
Subnet mask - 255.255.255.255 (leave default)
then click ok.
Now Policy configuration -
Incoming interface - tunnel interface
Outgoing interface - port2 (which is connected to LAN switch)
source address - 1.1.1.100 - 1.1.1.110 (vpn range address)
outgoing address - local address ( 50.1.2.0/24)
internet services - all
Schedule -always
Service - all
action - Ipsec
NAT disabled
Applied security policies - IPS, APP, Antivirus
log enable
ok.
In windows machine -
Windows, click on Start >> Settings >> Network & Internet >> VPN >> Add a VPN connection.
server address - 192.168.77.2 (WAN interface IP of the fortigate firewall - port1)
vpn type - preshared key - test@123
username & password - test, test123
Below is the network diagram for example -
Having configured these things, my Windows machine is not able to connect through this L2TP IPsec VPN.
Can anybody have a look at this configuration thoroughly and correct it in case there is anything missing?
Thank you for your help.
Hello
Can you try following and cross-checking with this really good step-by-step setup guide and see if something is missing from your end
And to further troubleshoot after following the above config guide, please follow and share debugs according to :
That's great, but there is no policy configured as per the screenshots.
Can you mention here what the policy would be?
Waiting for your reply... thank you in advance
Hi,
I would like to tell you, I have gone through the link you shared, but the L2TP IPsec tunnel is showing down.
And here is the policy -
Can you please find the error and let me know why the tunnel is showing down.
Created on 12-24-2022 12:25 AM Edited on 12-24-2022 12:26 AM
Hi,
Have you tried connecting?
Also, to find the error you should do some debug on your end and see why it isn't working, I can only guess and my guessing goes so far when there are no logs provided of the issue.
Here is a guide to start from, while trying to connect and it isn't working.
Hi Umesh,
As per the attached screenshot of the firewall policy, I noticed that you have configured the L2tp_VPN interface for accessing the local subnet in the firewall policy named "vpn_L2tp_vpn_remote".
If it's related to local private traffic, then please try changing the src interface as below.
src interface : "l2t.root"
If the issue still persists, share the output of the commands below.
show firewall policy
show vpn l2tp
show router static | grep -f l2tp
show vpn ipsec phase1-interface <phase1name>
show vpn ipsec phase2-interface <phase2name>
Thanks,
Mayur Padma
Hi,
In step 4 the incoming interface is the one that the user will connect to, in your case port1.
Can you confirm that you did this?
Also, does your FortiGate have a route back to your client through port1 ?