dubbsix
New Contributor

IPSEC with IPAD

Having trouble connecting IPAD with one of my fortigates. I can connect and be issued an IP address, but once connected I can't access any of my internal hosts. Anyone else having this issue?
Fortinet FanBoy.
Paul_Dean
Contributor

What steps have you taken? Can you post the config for this so people might be able to help? I've not gotten this to work. The documentation I have for this looks out of date.
NSE4
lavinius
New Contributor

I got this to work on my iPhone, let me know what you're trying to achieve and I might be able to help.
----------------------------------------------------------------- There is a war inside my head, if I take a day off I'll die
dubbsix
New Contributor

We are simply trying to get an iPad to connect to our 80c over ipsec vpn and hit an internal website. The issue is that we connect, but can't hit any internal sites.
Fortinet FanBoy.
Fullmoon

A sort of routing issue from your iPad network going to your internal network. It's a matter of guessing on my part. Is it possible to post your configurations here?

Fortigate Newbie
lmuir
New Contributor

iPads use the Cisco client, don't they? If so - http://kb.fortinet.com/kb/dynamickc.do?cmd=show&forward=nonthreadedKC&docType=kc&externalId=FD30166&sliceId=1
lavinius
New Contributor

With iPads and iPhones I had to do this: "set dhgrp 2" and use ipv4-split-include for the network I want to hit.
----------------------------------------------------------------- There is a war inside my head, if I take a day off I'll die
rmnetops
New Contributor

Can someone post the FortiGate IPSEC config they used for this?
Paul_Dean
Contributor

Don't know if you got this working or not but here is how I did it:

config firewall address
    edit "net-internal1"
        set associated-interface "internal1"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "net-iusers-ipsec"
        set associated-interface "iusers"
        set subnet 10.10.10.0 255.255.255.0
    next
end
config user local
    edit "iPad-user"
        set type password
        set passwd ENC <PASSWORD>
    next
end
config user group
    edit "iusers-grp"
        set member "iPad-user"
    next
end
config vpn ipsec phase1-interface
    edit "iusers"
        set type dynamic
        set interface "wan1"
        set dhgrp 2
        set peertype one
        set xauthtype pap
        set mode aggressive
        set mode-cfg enable
        set proposal aes128-sha1
        set peerid "iusers-grp"
        set authusrgrp "iusers-grp"
        set ipv4-start-ip 10.10.10.1
        set ipv4-end-ip 10.10.10.254
        set ipv4-netmask 255.255.255.0
        set ipv4-dns-server1 192.168.1.10
        set ipv4-split-include "net-internal1"
        set psksecret ENC <PSK>
    next
end
config vpn ipsec phase2-interface
    edit "iusers-p2"
        set phase1name "iusers"
        set proposal aes128-sha1
        set dhgrp 2
    next
end
config firewall policy
    edit <ID>
        set srcintf "iusers"
        set dstintf "internal1"
        set srcaddr "net-iusers-ipsec"
        set dstaddr "net-internal1"
        set action accept
        set schedule "always"
        set service "ANY"
        set utm-status enable
        set logtraffic enable
        set comments "iOS VPN access."
        set av-profile "default"
        set application-list "default"
        set profile-protocol-options "default"
    next
end

On the iPad you need to:
Go to Settings-->VPN-->Add VPN Configuration
Select IPSec
Server=Phase 1 Local Interface IP for WAN1
Account=FortiGate user account
Password=
Group Name=FortiGate user group name
Secret=PSK

I've modified this from a working config and have changed the names around so as not to give away my client's network IPs! Apologies for any typos.
NSE4
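An added example, not part of the original thread and not Fortinet tooling: a small Python check over a FortiGate config export for the settings the posts above rely on (dhgrp 2, mode-cfg, ipv4-split-include, and an accept policy from the tunnel interface). The function names and the sample config are constructed for illustration; the sample leaves out ipv4-split-include on purpose.

```python
import shlex

def parse_fortios(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}.
    'next' and 'end' are implied by the following 'edit' or 'config' line."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        cmd, args = tok[0].lower(), tok[1:]
        if cmd == "config":
            section, entry = tree.setdefault(" ".join(args), {}), None
        elif cmd == "edit" and section is not None:
            entry = section.setdefault(args[0], {})
        elif cmd == "set" and entry is not None:
            entry[args[0]] = args[1:]
    return tree

def check_ios_dialup(tree, tunnel):
    """Return findings for the dial-up phase1-interface named `tunnel` (empty list = none)."""
    p1 = tree.get("vpn ipsec phase1-interface", {}).get(tunnel)
    if p1 is None:
        return [f"no phase1-interface named {tunnel}"]
    required = {"mode-cfg": "enable", "dhgrp": "2"}  # values taken from the thread's posts
    findings = [f"{k} should include {v}" for k, v in required.items() if v not in p1.get(k, [])]
    split = p1.get("ipv4-split-include", [])
    if not split:
        findings.append("ipv4-split-include not set")
    # Tunnel traffic also needs an accept policy toward the split-include address.
    policies = tree.get("firewall policy", {}).values()
    if not any(p.get("srcintf") == [tunnel] and p.get("action") == ["accept"]
               and set(split) <= set(p.get("dstaddr", [])) for p in policies):
        findings.append("no accept policy from tunnel to the split-include address")
    return findings

# Constructed sample reusing the thread's object names; split-include is missing on purpose.
SAMPLE = """config vpn ipsec phase1-interface
edit "iusers"
set dhgrp 2
set mode-cfg enable
next
end
config firewall policy
edit 1
set srcintf "iusers"
set dstaddr "net-internal1"
set action accept
next
end"""
if __name__ == "__main__":
    print(check_ios_dialup(parse_fortios(SAMPLE), "iusers"))
```
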
scerazy
New Contributor III

I can not get: Accept peer ID in dialup group selected, as it is greyed out. And I do not want this user to be local, but from LDAP group.
Seb