I'm currently trying to troubleshoot why the VPN tunnel won't work and what is missing for it to work. The problem is, I can't reach or have any connection to the dialup peer for the VPN. I only have a backup of the config, so I can try to imitate the general configuration. The certificates that were used for the VPN have been imported to the local certificates in the FortiGate. The authentication from the peer was as follows:
(Lancom-Router)
Local Authentication: Digital-Signature
Local Identity-Type: ASN.1-Distinguished
Local Identity: /CN=Lancom-Router
Rem. Authentication: Digital Signature
Rem. Identity-Type: ASN.1-Distinguished
Rem. Identity: /CN=UF-360
Local Certificate: Lancom-Router-Cert
(Fortigate)
config vpn ipsec phase1-interface
    edit "Lancom-Router-VPN-CERT"
        set type dynamic
        set ike-version 2
        set authmethod signature
        set net-device disable
        set localid "/CN=UF-360"
        set certificate "UF-360"
        set peer "Lancom-Router-Peer"
    next
end
config user peer
    edit "Lancom-Router-Peer"
        set ca "CA_UF-360"
        set subject "/CN=Lancom-Router"
        set cn "/CN=Lancom-Router"
    next
end
What did I miss? (The certificates were made on the UF-360)
Hi @MG4,
IKE debug will be useful. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Regards,
I don't know the peer IP address (from the LANCOM-Router), so I can't troubleshoot on the FortiGate.
The config snippet is insufficient to create an IPsec setup on a FortiGate.
All we have is a description of how the authentication should be done (certificates), IKE version (v2, based on your own words), but no info about the encryption ciphers, or anything else.
What you can do is run IKE debug on the FortiGate (as @hbac suggests) with what you've already configured, and then monitor the outputs while you have the remote peer attempt to connect to the FortiGate. The debugs will show what is being offered. You can then tweak the FortiGate-side configuration to make it match.