fortimaster
Contributor II

IPSEC Tunnel doesn't match user in incoming traffic.

Hi all,


I have created an IPsec dial-up tunnel with IKEv2 and NAT-T. I use FortiClient to connect to it and it works well.

I have observed that some traffic is denied because, when I send traffic across the tunnel, the user with which I'm logged in (using FortiClient) is not associated with the incoming traffic. I can see the IP from the private tunnel network but not the username. That causes the incoming traffic to match a deny policy, because I use a user group in the incoming rule that permits traffic from the IPsec interface. For example, I can see traffic from 192.168.106.x but the incoming traffic has no user associated with it.

Why is the username with which I'm connected to the tunnel not matched in the incoming traffic?

I attach the tunnel configuration:

[attached images: one.JPG, two.JPG]

Thanks!

12 Replies
fortimaster

Hi hbac. IKEv2 is recommended whenever possible. Could you confirm that with this protocol I have that limitation? I am surprised because I thought that IKEv1 is an evolution of IKEv2.

hbac

@fortimaster,

Yes, it is a limitation because "inherit from policy" doesn't exist when using IKEv2. You can submit a new feature request for it if you want.

Regards,

fortimaster

Thanks hbac. I will do different tunnels to solve that limitation. Thank you very much for your help!
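As an added illustration of the workaround fortimaster settles on (this is not configuration from the thread or from Fortinet), the FortiOS CLI below defines one IKEv2 dial-up phase1 per user group, binding the group with authusrgrp because IKEv2 has no "inherit from policy", and then writes the firewall policy against the tunnel interface instead of a user group. Interface names, peer IDs, group names, address objects, PSK placeholders and the 192.168.106.x/107.x pools are all assumed.

```fortios
# Added example (not from the thread). All names, IDs and addresses are assumed.
config vpn ipsec phase1-interface
    edit "dialup-staff"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        # Distinct peer IDs let the FortiGate pick the right dial-up when several share wan1
        set peertype one
        set peerid "staff-clients"
        set mode-cfg enable
        set proposal aes256-sha256
        set eap enable
        set eap-identity send-request
        # With IKEv2 the user group is bound here, not inherited from the firewall policy
        set authusrgrp "vpn-staff"
        set ipv4-start-ip 192.168.106.1
        set ipv4-end-ip 192.168.106.100
        set psksecret "<staff-psk-placeholder>"
    next
    edit "dialup-admins"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype one
        set peerid "admin-clients"
        set mode-cfg enable
        set proposal aes256-sha256
        set eap enable
        set eap-identity send-request
        set authusrgrp "vpn-admins"
        set ipv4-start-ip 192.168.107.1
        set ipv4-end-ip 192.168.107.50
        set psksecret "<admins-psk-placeholder>"
    next
end
# Policies match on the tunnel interface; no "set groups" is needed, because
# group membership was already enforced at phase1 for that tunnel.
config firewall policy
    edit 0
        set name "vpn-staff-to-lan"
        set srcintf "dialup-staff"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "lan-servers"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Each FortiClient profile then sets the matching local ID so it lands on the intended tunnel, and a second policy of the same shape covers "dialup-admins".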
