Zeev
New Contributor

IPSec AutoKey(IKE) Phase2 Problem - help

Hi forum, I've bought a FortiGate 30B on which I've configured (only option) VPN/IPSEC/AutoKey(IKE). My configuration is for a dial-up server, where the server itself is the FortiGate (using a group I created earlier). I manage to finish phase 1 of the connection, and as I understand also parts of phase 2, but it always gets stuck at the same part:

Jul 5 9:30:49: Initiator: sent <FortiWANIP> quick mode message #1 (OK)

Now I don't know what to do with the quick mode. I've read a lot about it, and all places direct me to keep it on its default (0.0.0.0/0) for a dial-up server configuration. I try to connect using a FortiClient. Please, if anyone could share more info and help me with this; I've been trying to get it to work for 5 days with all sorts of configurations.
Zeev
New Contributor

Anybody???
emnoc
Esteemed Contributor III

A snippet of your cfg would be helpful. But yes, the QM selector should be 0.0.0.0/0 since we have no idea as to what the client will be set to. Have you run any diagnostics to determine where and how far you're getting with the client?

PCNSE NSE StrongSwan
Zeev
New Contributor

Hi, thanks for the reply. How do I get the cfg snippet? Or better yet, how do I run diagnostics on the VPN? Never had to do such things before... I can tell how far by using the client's Test option: I can see it passes the phase 1 and phase 2 authentications; afterwards it's on hold with the quick mode and nothing happens until it fails.
Zeev
New Contributor

This is what I see:

Now install tunnels into kernel: 1
sys_get_local_gwy() called: [in] remote gw: 46.120.93.115. [in] Next hop: 0.0.0.0
sys_get_local_gwy() called: [in] remote gw: 46.120.93.115. [in] Next hop: 0.0.0.0
sys_get_local_gwy() called: [in] remote gw: 46.120.93.115. [in] Next hop: 0.0.0.0
sys_get_local_gwy() called: [in] remote gw: 46.120.93.115. [in] Next hop: 0.0.0.0
End installing tunnels
GetIpInterfaceEntry() old interface 22 metric is 50
SetIpInterfaceEntry() Interface metric changed to 20
vnic metric changed to 20!
vnic metric changed to 20 and restarted!
Got a kernel message
Detect local gateway for peer: 46.120.93.115
sys_get_local_gwy() called: [in] remote gw: 46.120.93.115. [in] Next hop: 0.0.0.0
sys_get_local_gwy() called: [in] remote gw: 46.120.93.115. [in] Next hop: 192.168.11.99
Get sa_connect message...192.168.11.108->46.120.93.115:500, natt_mode=0
Using new connection...natt_mode=0
Set connection name = WORK.
Tunnel 192.168.11.108 ---> 46.120.93.115:500,natt_en=1 is starting negotiation
Will negotiate a DHCP SA
Initiator: sent 46.120.93.115 aggressive mode message #1 (OK)
Initiator: sent 46.120.93.115 aggressive mode message #2 (DONE)
XAuth requesting user name and password
Responder: parsed 46.120.93.115 xauth_client mode message #0 (OK)
Responder: parsed 46.120.93.115 xauth_client mode message #2 (OK)
Initiator: parsed 46.120.93.115 xauth_client mode message #0 (OK)
Responder: parsed 46.120.93.115 xauth_client mode message #0 (OK)
*** initiator selectors ids: peer:0.0.0.0(0.0.0.0), me:192.168.11.108(0.0.0.0)
Initiator: sent 46.120.93.115 quick mode message #1 (OK)

AND:

Jul 8 15:24:19: Initiator: sent 46.120.93.115 aggressive mode message #1 (OK)
Jul 8 15:24:19: Initiator: sent 46.120.93.115 aggressive mode message #2 (DONE)
Jul 8 15:24:19: Responder: parsed 46.120.93.115 xauth mode message #0 (OK)
Jul 8 15:24:19: Responder: parsed 46.120.93.115 xauth mode message #2 (OK)
Jul 8 15:24:19: Initiator: parsed 46.120.93.115 xauth mode message #0 (OK)
Jul 8 15:24:19: Responder: parsed 46.120.93.115 xauth mode message #0 (OK)
Jul 8 15:24:20: Initiator: sent 46.120.93.115 quick mode message #1 (OK)
Zeev
New Contributor

Can't anyone help me with this? It's practically working! All I need is some help with the Quick Mode; I have no idea what it means and I'm new to AutoKey (IKE) VPN.
samanka80
New Contributor

Hey Zeev! Sorry, I haven't worked with your model, but I have a 200B and I have some problems with dial-up users.... after defining them I can't find my tunnel in policies. Maybe it's some problem with the OS or maybe there is something we should do... I don't know, I am looking for the answer.
Zeev
New Contributor

Hi Samanka, I also can't see the policy. I did notice though, that when I do not add a policy for my VPN it remains stuck at the "Send aggressive mode" phase 1 authentication. Try to add a policy for:

Source: <VPN> Any
Destination: <Internal> Any
Service: Any

Leave it on Accept. It worked for me. Let me know if yours worked; mine remains stuck at the phase 2 Quick Mode status...
emnoc
Esteemed Contributor III

Providing a sanitized review of your cfgs would be quite helpful in understanding what you configured, i.e.

show vpn ipsec phase2
show vpn ipsec phase1

Suggestion: if you will review the FortiGate MR4 VPN guide, it gives great clear examples on how to set up RA-IPsec.

PCNSE NSE StrongSwan
Zeev
New Contributor

I managed to start the debugger through the CLI and watched the session running (client trying to connect), and it always gets stuck on this:

peer has not completed Configuration Method
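As an added example that is not from the thread or from Fortinet, the following script reads FortiClient/FortiGate IKE log text like the two dumps above plus the final debug line, and reports how far the IKEv1 dial-up negotiation got: phase 1 completion, whether XAuth ran, and whether quick mode stalled after message #1 with no reply from the gateway. The sample log, the gateway address (a documentation placeholder) and the reading of "peer has not completed Configuration Method" as the gateway still waiting on the IKE config-method exchange are assumptions of this example.

```python
import re

# Constructed sample modelled on the FortiClient log quoted in the thread; the gateway
# address is a documentation placeholder, not the poster's.
SAMPLE_LOG = """\
Jul 8 15:24:19: Initiator: sent 203.0.113.10 aggressive mode message #1 (OK)
Jul 8 15:24:19: Initiator: sent 203.0.113.10 aggressive mode message #2 (DONE)
Jul 8 15:24:19: Responder: parsed 203.0.113.10 xauth mode message #0 (OK)
Jul 8 15:24:19: Responder: parsed 203.0.113.10 xauth mode message #2 (OK)
Jul 8 15:24:19: Initiator: parsed 203.0.113.10 xauth mode message #0 (OK)
Jul 8 15:24:20: Initiator: sent 203.0.113.10 quick mode message #1 (OK)
"""
EXCH_RE = re.compile(
    r"(?P<role>Initiator|Responder): (?P<verb>sent|parsed) (?P<peer>\S+) "
    r"(?P<exch>aggressive|main|xauth(?:_client)?|quick) mode message #\d+ \((?P<status>\w+)\)")
# Gateway-side debug line from the thread's last post, read here (assumption) as the gateway
# still waiting on the IKE config-method (mode-config) exchange before answering quick mode.
CONFIG_METHOD_MSG = "peer has not completed Configuration Method"

def analyze(log: str) -> dict:
    # Walk the log once and record how far the IKEv1 dial-up negotiation got.
    phase1_done = xauth_seen = qm_sent = qm_replied = False
    indicators, peer = [], None
    for line in log.splitlines():
        if CONFIG_METHOD_MSG in line:
            indicators.append("config-method (mode-config) not completed")
            continue
        m = EXCH_RE.search(line)
        if not m:
            continue
        peer, exch = m["peer"], m["exch"]
        if exch in ("aggressive", "main") and m["status"] == "DONE":
            phase1_done = True        # Phase 1 SA established
        elif exch.startswith("xauth"):
            xauth_seen = True         # XAuth user/password exchange took place
        elif exch == "quick" and m["verb"] == "sent":
            qm_sent = True            # client proposed its Phase 2 selectors
        elif exch == "quick":
            qm_replied = True         # gateway answered quick mode (parsed QM message)
    if qm_replied:
        phase2 = "negotiating"
    elif qm_sent:
        phase2 = "stalled: QM #1 sent, no reply from " + str(peer)
    else:
        phase2 = "not started"
    return {"phase1_done": phase1_done, "xauth_seen": xauth_seen,
            "phase2": phase2, "indicators": indicators}

print(analyze(SAMPLE_LOG))
```

Feed it the gateway's own debug output as well and the "indicators" list tells you whether the stall is on the config-method exchange rather than on the quick mode selectors.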