Fortinet FortiClient not connecting
Our Fortigate 200A (v4.0,build0513,120130 (MR3 Patch 5)) is set up with VPN. When I try to use the FortiClient (5.2.0.0591) I can connect, but I don't see any packets being received and therefore can't use Telnet or RDC. But when I connect to the web portal using https://xx.xx.xx.211:10443 in a web browser, I can ping and telnet using the portal.
I have tried using https://xx.xx.xx.211 , xx.xx.xx.211 and https://xx.xx.xx.211:10443 in the FortiClient but I get the same results.
I am connecting via a Mac OS X 10.7 machine and also a Windows 7 Pro machine.
It was working, but nothing in the network has changed. My users are authenticating via a local username and password on the Fortigate.
I am using SSL and not IPSEC.
Thanks all
11 REPLIES
I think I found the issue but I'm not sure how to fix it. Below is what I did:
We have a Cisco 3575 that the servers, routers and switches are hooked into. They are all on Vlan1. So I hooked up a machine directly to the Fortigate, bypassing the Cisco 3750, and gave the machine I hooked up to the Fortigate a static IP of 10.0.0.10, connected using the FortiClient, and I can ping and use RDC to connect to that machine.
I have tried putting a static route in the Fortigate to 10.0.0.254 (3750) but that didn't work. I'm not sure what to do now. Below is the config of the 3750:
login as: Administrator
Using keyboard-interactive authentication.
Password:
core3750#enable
core3750#show run
Building configuration...
Current configuration : 13576 bytes
!
! Last configuration change at 14:46:32 CDT Wed Aug 7 2013 by administrator
! NVRAM config last updated at 14:46:32 CDT Wed Aug 7 2013 by administrator
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname core3750
!
boot-start-marker
boot-end-marker
!
logging buffered 100000 informational
!
username rrodichev privilege 15 secret 5 $1$pRUS$uua1IZTh6WRQ6c3ItqqHn/
username krueger privilege 15 secret 5 $1$qQga$aZfuCsbACVZ7I7V70x7pU1
username administrator privilege 15 secret 5 $1$Bxw1$bPdS/wlurqUb4izRU4/mY0
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
!
aaa session-id common
clock timezone CST -6
clock summer-time CDT recurring
switch 1 provision ws-c3750x-24
system mtu routing 1500
ip routing
ip dhcp excluded-address 10.0.10.1 10.0.10.99
ip dhcp excluded-address 10.0.10.200 10.0.10.254
!
ip dhcp pool 10.0.10.0
network 10.0.10.0 255.255.255.0
default-router 10.0.10.254
dns-server 4.2.2.2
!
!
no ip domain-lookup
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-86370432
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-86370432
revocation-check none
rsakeypair TP-self-signed-86370432
!
!
crypto pki certificate chain TP-self-signed-86370432
certificate self-signed 01
quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-1001 priority 4096
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 30
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/5
description Exchange 2010
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/6
description Domain Controller
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/7
description SMTP-192.168.6.5
switchport access vlan 666
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/14
description SMTP-192.168.6.209
switchport access vlan 666
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/16
description ASA5505 INSIDE 10.0.0.252/24
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/17
description FORTINET DMZ1 192.186.6.1/24
switchport access vlan 666
switchport mode access
speed 100
duplex full
spanning-tree portfast
!
interface GigabitEthernet1/0/18
description Barracuda Web 192.168.0.35/24
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/19
description Barracuda Email 192.168.6.25/24 DMZ
switchport access vlan 666
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/20
description NB1720 10.0.0.249/24
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/21
description Uplink to TDS Switches
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/22
description FORTINET INTERNAL 10.0.0.253/24
switchport mode access
switchport voice vlan 10
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet1/0/23
description STACK2960 G1/0/48
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
channel-group 1 mode on
!
interface GigabitEthernet1/0/24
description STACK2960 G2/0/48
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust
channel-group 1 mode on
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 192.168.0.254 255.255.255.0 secondary
ip address 10.0.0.254 255.255.255.0
!
interface Vlan10
ip address 10.0.10.254 255.255.255.0
!
interface Vlan11
ip address 10.0.11.254 255.255.255.0
ip helper-address 10.0.0.231
!
interface Vlan12
ip address 10.0.12.254 255.255.255.0
ip access-group wireless-guest in
ip helper-address 10.0.0.231
!
!
router eigrp 1
network 10.0.0.0
redistribute static route-map static-to-eigrp
eigrp stub connected static summary
!
ip default-gateway 192.168.0.254
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.253 tag 666
ip route 10.0.254.0 255.255.255.0 10.0.0.252
ip route 192.168.2.0 255.255.255.0 10.0.0.252
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended wireless-guest
permit udp any eq bootpc any eq bootps
deny ip any 10.0.0.0 0.255.255.255
deny ip any 192.168.0.0 0.0.255.255
deny ip any 172.16.0.0 0.15.255.255
permit ip any any
!
ip sla enable reaction-alerts
route-map static-to-eigrp permit 10
match tag 666
!
snmp-server community CascioRO RO
!
!
line con 0
logging synchronous
line vty 0 4
logging synchronous
transport input telnet ssh
line vty 5 15
logging synchronous
transport input telnet ssh
!
ntp clock-period 36027385
ntp server 128.2.136.71
end
core3750#
core3750#
Thanks so much for all the help
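Added example, not part of the original post: a return-path check against the routing lines of the 3750 config above, showing which next hop the switch would use for replies to a VPN client address. The candidate client addresses are constructed (the thread never states the SSL VPN pool), and the script models only the switch's own routing table, not the servers' default gateways.

```python
import ipaddress
import re

# Routing-relevant lines copied from the 3750 config posted above.
CONFIG = """\
interface Vlan1
 ip address 192.168.0.254 255.255.255.0 secondary
 ip address 10.0.0.254 255.255.255.0
interface Vlan10
 ip address 10.0.10.254 255.255.255.0
interface Vlan11
 ip address 10.0.11.254 255.255.255.0
interface Vlan12
 ip address 10.0.12.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.253 tag 666
ip route 10.0.254.0 255.255.255.0 10.0.0.252
ip route 192.168.2.0 255.255.255.0 10.0.0.252
"""

# Next-hop labels taken from the interface descriptions in the same config.
NEIGHBOURS = {"10.0.0.253": "FORTINET INTERNAL", "10.0.0.252": "ASA5505 INSIDE"}

def parse_routes(config):
    """Return (network, next_hop) pairs; connected networks use 'connected'."""
    routes = []
    for line in config.splitlines():
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            routes.append((iface.network, "connected"))
        m = re.match(r"\s*ip route (\S+) (\S+) (\S+)", line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            routes.append((net, m.group(3)))
    return routes

def return_path(routes, client_ip):
    """Longest-prefix match: where does the switch send replies to client_ip?"""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net, hop) for net, hop in routes if addr in net]
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return hop, NEIGHBOURS.get(hop, hop)

if __name__ == "__main__":
    routes = parse_routes(CONFIG)
    # Constructed candidate client addresses; the real SSL VPN pool is unknown.
    for ip in ("10.0.254.10", "10.212.134.200", "192.168.2.50", "10.0.0.77"):
        print(ip, "->", return_path(routes, ip))
```

A client address that resolves to anything other than the FortiGate's internal interface means replies leave by a different device than the one the tunnel terminates on.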
OP, diag debug flow is your friend, and yes, that's a CLI command. Do a search in this forum for the numerous examples on how to execute.
PCNSE
NSE
StrongSwan