I have tried to set up a VPN connection between a Fortigate 90D and a Windows 10 native client. According to the logs, the negotations are correct but the connection is dropped.
This is my config:
config vpn ipsec phase1-interface edit "VPN_Windows" set type dynamic set interface "wan2" set keylife 28800 set peertype dialup set proposal aes256-md5 3des-sha1 aes192-sha1 set dhgrp 2 set usrgrp "VPN users" set psksecret ENC DJeIczJZqdMFw... next end
config vpn ipsec phase2-interface edit "VPN_Windows" set phase1name "VPN_Windows" set proposal aes256-md5 3des-sha1 aes192-sha1 set pfs disable set keepalive enable set encapsulation transport-mode set l2tp enable set keylifeseconds 3600 next end
I setup the VPN connection on Windows 10, setting the preshared key correctly.
These are some lines you may find useful in the FG log:
ike 0:70f373750b2a2064/0000000000000000:50: SA proposal chosen, matched gateway VPN_Windows
ike 0:VPN_Windows:50: PSK authentication succeeded ike 0:VPN_Windows:50: authentication OK
ike 0:VPN_Windows_0:50:VPN_Windows:26: matched phase2
And then this:
ike 0:VPN_Windows_0:50: recv IPsec SA delete, spi count 1 ike 0:VPN_Windows_0: deleting IPsec SA with SPI d6050872 ike 0:VPN_Windows_0:VPN_Windows: deleted IPsec SA with SPI d6050872, SA count: 0 ike 0:VPN_Windows_0: sending SNMP tunnel DOWN trap for VPN_Windows ike 0:VPN_Windows_0:26: del route 190.19.57.99/255.255.255.255 oif VPN_Windows_0(67) metric 15 priority 0 ike 0:VPN_Windows_0:VPN_Windows: delete
This is the complete FG log:
FGT90D3Z15006898 # ike 0: comes 190.19.57.99:500->181.165.243.118:500,ifindex=6.... ike 0: IKEv1 exchange=Identity Protection id=70f373750b2a2064/0000000000000000 len=408 ike 0: in 70F373750B2A206400000000000000000110020000000000000001980D0000D40000000100000001000000C801010005030000280101000080010007800E0100800200028004001480030001800B0001000C000400007080030000280201000080010007800E0080800200028004001380030001800B0001000C000400007080030000280301000080010007800E0100800200028004000E80030001800B0001000C000400007080030000240401000080010005800200028004000E80030001800B0001000C000400007080000000240501000080010005800200028004000280030001800B0001000C0004000070800D00001801528BBBC00696121849AB9A1C5B2A51000000010D0000181E2B516905991C7D7C96FCBFB587E461000000090D0000144A131C81070358455C5728F20E95452F0D00001490CB80913EBB696E086381B5EC427B1F0D0000144048B7D56EBCE88525E7DE7F00D6C2D30D000014FB1DE3CDF341B7EA16B7E5BE0855F1200D00001426244D38EDDB61B3172A36E3D0CFB81900000014E3A5966A76379FE707228231E5CE8652 ike 0:70f373750b2a2064/0000000000000000:50: responder: main mode get 1st message... ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (20): ▒9▒▒▒▒~xj0PZ▒ ike 0:70f373750b2a2064/0000000000000000:50: VID MS NT5 ISAKMPOAKLEY 1E2B516905991C7D7C96FCBFB587E46100000009 ike 0:70f373750b2a2064/0000000000000000:50: VID RFC 3947 4A131C81070358455C5728F20E95452F ike 0:70f373750b2a2064/0000000000000000:50: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F ike 0:70f373750b2a2064/0000000000000000:50: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (16): 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (16): 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0:70f373750b2a2064/0000000000000000:50: VID unknown (16): 4048B7D56EBCE88525E7DE7F00D6C2D3 ike 0: cache rebuild start ike 0: cache rebuild done ike 0:70f373750b2a2064/0000000000000000:50: negotiation result ike 0:70f373750b2a2064/0000000000000000:50: proposal id = 1: ike 0:70f373750b2a2064/0000000000000000:50: protocol id = ISAKMP: ike 0:70f373750b2a2064/0000000000000000:50: trans_id = KEY_IKE. ike 0:70f373750b2a2064/0000000000000000:50: encapsulation = IKE/none ike 0:70f373750b2a2064/0000000000000000:50: type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC. ike 0:70f373750b2a2064/0000000000000000:50: type=OAKLEY_HASH_ALG, val=SHA. ike 0:70f373750b2a2064/0000000000000000:50: type=AUTH_METHOD, val=PRESHARED_KEY. ike 0:70f373750b2a2064/0000000000000000:50: type=OAKLEY_GROUP, val=MODP1024. ike 0:70f373750b2a2064/0000000000000000:50: ISAKMP SA lifetime=28800 ike 0:70f373750b2a2064/0000000000000000:50: SA proposal chosen, matched gateway VPN_Windows ike 0:VPN_Windows: created connection: 0x2c46298 6 181.165.243.118->190.19.57.99:500. ike 0:VPN_Windows:50: selected NAT-T version: RFC 3947 ike 0:VPN_Windows:50: cookie 70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows:50: out 70F373750B2A2064548BCD7C926FE71B0110020000000000000000BC0D00003800000001000000010000002C01010001000000240501000080010005800200028004000280030001800B0001000C0004000070800D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC775701000D0000148299031757A36082C6A621DE000504280D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000 ike 0:VPN_Windows:50: sent IKE msg (ident_r1send): 181.165.243.118:500->190.19.57.99:500, len=188, id=70f373750b2a2064/548bcd7c926fe71b ike 0: comes 190.19.57.99:500->181.165.243.118:500,ifindex=6.... ike 0: IKEv1 exchange=Identity Protection id=70f373750b2a2064/548bcd7c926fe71b len=260 ike 0: in 70F373750B2A2064548BCD7C926FE71B0410020000000000000001040A000084286249D3911D62F29E314C2EE88DF16EB69D8F0A974426C631A39EFE73E81C62442A358B3B0965B553B8913EC568D81177932217D103EF8AF7CB92E33C2F36EED8FB29152F49F50B1ECC3DDD57BFDB46135D47A7AB06A6DAC7E564C3EB2F62FDF12B855118D0BFAB80B9926848D040806EFB363C4D120228603729AA806A80C0140000343DEA17C088D411E683239BFF9292B07D29E50AD2CB808209DA4B08C1AD98E6E95935B4E697184B436C972F54C29A000D14000018307C717C5A82491E4C7CB4E6B1279DEC681078E30000001832EC4036DB63FB5A799D749F47899B60401FE732 ike 0:VPN_Windows:50: responder:main mode get 2nd message... ike 0:VPN_Windows:50: NAT detected: PEER ike 0:VPN_Windows:50: out 70F373750B2A2064548BCD7C926FE71B0410020000000000000000E40A000084B15BA187AA240FED3B79A9DF15E5E8E89DB48093F50363D9C03750F1873FF939CBDF101F410A344DDAD238DBEF71A754FFAC03F0B3415B4345037152491AD7448FB73FDF4F5B50CA9B68E5389C0D6E0ED6415CEEF151F7D55E91CE5802810C295F78DED7DB902EA16C0D0B3D9E1D22CFDDD7A158CBBA6AB4DBF7C12FE4508C411400001457A5C3EBA2EDD5FE8FED60ACAC1087D5140000180A1D7AD8C73F8F8364641D797F38ADC77469232B00000018307C717C5A82491E4C7CB4E6B1279DEC681078E3 ike 0:VPN_Windows:50: sent IKE msg (ident_r2send): 181.165.243.118:500->190.19.57.99:500, len=228, id=70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows:50: ISAKMP SA 70f373750b2a2064/548bcd7c926fe71b key 24:1C2FF49C6F811EBC765E527E206040CE666ABB3E19A3179B ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Identity Protection id=70f373750b2a2064/548bcd7c926fe71b len=68 ike 0: in 70F373750B2A2064548BCD7C926FE71B051002010000000000000044946BCFA0E524D8AD0862A8AC0D48BC6312D29FF10A90AE8077912DC3B5918EEA68413FC0063DECA3 ike 0:VPN_Windows:50: responder: main mode get 3rd message... ike 0:VPN_Windows:50: dec 70F373750B2A2064548BCD7C926FE71B0510020100000000000000440800000C01000000C0A8010F00000018FF75AB514738C1B1929053D95224DCFDE53F9DFB00000000 ike 0:VPN_Windows:50: peer identifier IPV4_ADDR 192.168.1.15 ike 0:VPN_Windows:50: PSK authentication succeeded ike 0:VPN_Windows:50: authentication OK ike 0:VPN_Windows:50: enc 70F373750B2A2064548BCD7C926FE71B0510020100000000000000400800000C01000000B5A5F376000000182F607F7AEB98F4729D84A29AC8B5F432EFD15F95 ike 0:VPN_Windows:50: remote port change 500 -> 4500 ike 0:VPN_Windows:50: out 70F373750B2A2064548BCD7C926FE71B051002010000000000000044E71C4ED20BA434AE7E532BE96589987F5883FFA9BE5F507A831293BC68CF2D1319DCFB040EC505E4 ike 0:VPN_Windows:50: sent IKE msg (ident_r3send): 181.165.243.118:4500->190.19.57.99:4500, len=68, id=70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows: adding new dynamic tunnel for 190.19.57.99:4500 ike 0:VPN_Windows_0: added new dynamic tunnel for 190.19.57.99:4500 ike 0:VPN_Windows_0:50: established IKE SA 70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows_0: DPD disabled, not negotiated ike 0:VPN_Windows_0:50: no pending Quick-Mode negotiations ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Quick id=70f373750b2a2064/548bcd7c926fe71b:00000001 len=436 ike 0: in 70F373750B2A2064548BCD7C926FE71B0810200100000001000001B4E3D9EED44D8B3D287080005EDF8787EAFA705FEAB967A8BD0FE2E149C1AD8CFA6334E92CB2B472F033646353E589FBD1BA0226BB71972481D8266C805260ED5F41252DB3AA417E91E37A2FCC80DD9902541B2344AD55A7A324092236DA92FDADB07485113F72CE4BEECE4D4D0FB6F73E7552FB9EE756D106FC8B1D5EFD0FD837744F668A20F721B759622EC83F348DF674C4F93DEF016C2E5148D8DF37364066C9EC432FEEC8DE76BFF34FF5CA0F6E2DC70D481547FB1AC6155AF137F63C6C9F361C1711B4F7380A1F793114AB03934CB56A7A5C2DDFF7D1520BE8B52673AAF4F6E6ECEC883E8B605BCF29EBFFB64163E154EAB914335D800178542B862E0B7824B27396AF33ABCF657C6861F3ED920DEA43B771E77A5EAECFDC458345CC287E27F36B661F13300EE8A9D5198EE9BBFE958E11238E60131452E61E79F624F24AAD019E896605EC6009766B86DBE2F978133A19C78A19B586D98E71B62D85DD006F6A00FFF8EA3C93BBD746E4C0CC09EB49654F3E18421725EFFDEFC7ED5187EA46BCE5DE932166979E2E3703B25900BDD935D520DEB9187E ike 0:VPN_Windows_0:50:26: responder received first quick-mode message ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B0810200100000001000001B4010000185633637DE3F801975378AD00B0A1B73D69E9F7B50A00011800000001000000010200003801030401D60508720000002C010C0000800400048006010080050002800100010002000400000E1080010002000200040003D0900200003802030401D60508720000002C010C0000800400048006008080050002800100010002000400000E1080010002000200040003D0900200003403030401D605087200000028010300008004000480050002800100010002000400000E1080010002000200040003D0900200003404030401D605087200000028010200008004000480050002800100010002000400000E1080010002000200040003D0900000003405030401D605087200000028010B00008004000480050002800100010002000400000E1080010002000200040003D090050000340E2B70405FDD6B0BA1EF57A0F0851C386C6EB74D055864E7FECF8A933B4A1F1EB52765E31B21AAD56D6D3D5063BB2DAD0500000C011106A5C0A8010F1500000C011106A5B5A5F3761500000C01000000C0A8010F0000000C01000000B5A5F37600000000 ike 0:VPN_Windows_0:50:26: received NATOA-i 192.168.1.15 ike 0:VPN_Windows_0:50:26: received NATOA-r 181.165.243.118 ike 0:VPN_Windows_0:50:26: peer proposal is: peer:17:192.168.1.15-192.168.1.15:1701, me:17:181.165.243.118-181.165.243.118:1701 ike 0:VPN_Windows_0:50:VPN_Windows:26: trying ike 0:VPN_Windows_0:50:26: transport mode, override with 17:181.165.243.118-181.165.243.118:1701 -> 17:190.19.57.99-190.19.57.99:0 ike 0:VPN_Windows_0:50:VPN_Windows:26: matched phase2 ike 0:VPN_Windows_0:50:VPN_Windows:26: dynamic client ike 0:VPN_Windows_0:50:VPN_Windows:26: my proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 1: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 256) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=MD5 ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_3DES ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 192) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: incoming proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 1: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 256) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: incoming proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 2: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_AES_CBC (key_len = 128) ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: incoming proposal: ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 3: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_3DES ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: negotiation result ike 0:VPN_Windows_0:50:VPN_Windows:26: proposal id = 3: ike 0:VPN_Windows_0:50:VPN_Windows:26: protocol id = IPSEC_ESP: ike 0:VPN_Windows_0:50:VPN_Windows:26: trans_id = ESP_3DES ike 0:VPN_Windows_0:50:VPN_Windows:26: encapsulation = ENCAPSULATION_MODE_TRANSPORT ike 0:VPN_Windows_0:50:VPN_Windows:26: type = AUTH_ALG, val=SHA1 ike 0:VPN_Windows_0:50:VPN_Windows:26: using udp transport mode. ike 0:VPN_Windows_0:50:26: sending NATOA-i 190.19.57.99 ike 0:VPN_Windows_0:50:26: sending NATOA-r 181.165.243.118 ike 0:VPN_Windows_0:50:VPN_Windows:26: replay protection enabled ike 0:VPN_Windows_0:50:VPN_Windows:26: SA life soft seconds=3589. ike 0:VPN_Windows_0:50:VPN_Windows:26: SA life hard seconds=3600. ike 0:VPN_Windows_0:50:VPN_Windows:26: IPsec SA selectors #src=1 #dst=1 ike 0:VPN_Windows_0:50:VPN_Windows:26: src 0 7 17:181.165.243.118-181.165.243.118:1701 ike 0:VPN_Windows_0:50:VPN_Windows:26: dst 0 7 17:190.19.57.99-190.19.57.99:0 ike 0:VPN_Windows_0:50:VPN_Windows:26: add dynamic IPsec SA selectors ike 0:VPN_Windows_0:26: add route 190.19.57.99/255.255.255.255 oif VPN_Windows_0(67) metric 15 priority 0 ike 0:VPN_Windows_0:50:VPN_Windows:26: tunnel 1 of VDOM limit 0/0 ike 0:VPN_Windows_0:50:VPN_Windows:26: add IPsec SA: SPIs=57452c5a/d6050872 ike 0:VPN_Windows_0:50:VPN_Windows:26: IPsec SA dec spi 57452c5a key 24:C4EC4A717F891987DEC4BE10154F01986A8EA740164DF855 auth 20:78614E80FD34575C56C16BA6BB63BB946487B4D9 ike 0:VPN_Windows_0:50:VPN_Windows:26: IPsec SA enc spi d6050872 key 24:123C9F7E04996A0296F49BC23F1C97C8D4D269C7A953B0BC auth 20:AB709CF3448FBA2CAB4016E47EC1756488D430C5 ike 0:VPN_Windows_0:50:VPN_Windows:26: transport mode encapsulation is enabled ike 0:VPN_Windows_0:50:VPN_Windows:26: added IPsec SA: SPIs=57452c5a/d6050872 ike 0:VPN_Windows_0:50:VPN_Windows:26: sending SNMP tunnel UP trap ike 0:VPN_Windows_0:50: enc 70F373750B2A2064548BCD7C926FE71B0810200100000001000000B801000018CBDF495BA45DF1DCDDCCDFCAA9A3AB7038F741D90A0000400000000100000001000000340303040157452C5A00000028010300008004000480050002800100010002000400000E1080010002000200040003D0900500001428DD36778A4FA1B62F3F7E7DD28D39220500000C011106A5C0A8010F1500000C011106A5B5A5F3761500000C01000000BE1339630000000C01000000B5A5F376 ike 0:VPN_Windows_0:50: out 70F373750B2A2064548BCD7C926FE71B0810200100000001000000BC5D3B5782D8075E1126B2F8B3DCCA2E702841AD7B97D6B9953A267D76F13ACBF66D5056C2F45EE9C1C00A93C5B1980D42DEDD4326EB04032E4332B79F2F11C6A615289D417FD53D5E272E640A12669500F521930C9CC46ECF4FC786A287A690E228CA27EA79B509E66274D8F15AA05C0F7CA8D57A8A00C89F196225E46C07504F2D95720A4C3FBCB423EAD8C0EDF45FD8D7E3856C43875D414C064E95731DFB6F ike 0:VPN_Windows_0:50: sent IKE msg (quick_r1send): 181.165.243.118:4500->190.19.57.99:4500, len=188, id=70f373750b2a2064/548bcd7c926fe71b:00000001 ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Quick id=70f373750b2a2064/548bcd7c926fe71b:00000001 len=60 ike 0: in 70F373750B2A2064548BCD7C926FE71B08102001000000010000003C94C3FFBA35D399A37AA57A5703139CE832D2F9ED0034C9FF5E536D3CE28092B7 ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B08102001000000010000003C000000186AD20F7D791BB71D276D3A5C0D5F761F56386D250000000000000000 ike 0:VPN_Windows_0:VPN_Windows:26: send SA_DONE SPI 0xd6050872 ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Informational id=70f373750b2a2064/548bcd7c926fe71b:73452add len=76 ike 0: in 70F373750B2A2064548BCD7C926FE71B0810050173452ADD0000004C14CDEDB4D8A5205DDB4501016E2FC78F41D1CE6F674393358992CDE97236C45FFD47517F58622B67783E1DF61A0FA584 ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B0810050173452ADD0000004C0C0000186467258487F39F31726F195DED7A2ECB99BEDB2B000000100000000103040001D60508720000000000000000 ike 0:VPN_Windows_0:50: recv IPsec SA delete, spi count 1 ike 0:VPN_Windows_0: deleting IPsec SA with SPI d6050872 ike 0:VPN_Windows_0:VPN_Windows: deleted IPsec SA with SPI d6050872, SA count: 0 ike 0:VPN_Windows_0: sending SNMP tunnel DOWN trap for VPN_Windows ike 0:VPN_Windows_0:26: del route 190.19.57.99/255.255.255.255 oif VPN_Windows_0(67) metric 15 priority 0 ike 0:VPN_Windows_0:VPN_Windows: delete ike 0: comes 190.19.57.99:4500->181.165.243.118:4500,ifindex=6.... ike 0: IKEv1 exchange=Informational id=70f373750b2a2064/548bcd7c926fe71b:3523d67f len=84 ike 0: in 70F373750B2A2064548BCD7C926FE71B081005013523D67F00000054678F3C5168C3FCDA35F37062098DA782E2D677D8655DE433928B790172470738882A4B51172E3E2A8204DEB94125905570B10B39777AA80A ike 0:VPN_Windows_0:50: dec 70F373750B2A2064548BCD7C926FE71B081005013523D67F000000540C000018809565EC75D4AF7BBAD4FF6B62170B43D432FB900000001C000000010110000170F373750B2A2064548BCD7C926FE71B00000000 ike 0:VPN_Windows_0:50: recv ISAKMP SA delete 70f373750b2a2064/548bcd7c926fe71b ike 0:VPN_Windows_0: deleting ike 0:VPN_Windows_0: flushing ike 0:VPN_Windows_0: sending SNMP tunnel DOWN trap ike 0:VPN_Windows_0: flushed ike 0:VPN_Windows_0: delete dynamic ike 0:VPN_Windows_0: reset NAT-T ike 0:VPN_Windows_0: deleted ike shrank heap by 122880 bytes
Can somebody please explain what is wrong or why is the connection suddenly dropped?
Thanks everybody
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Just a proposal:
in former times Win VPN used a combination of keylifeseconds and keylifebytes. You can activate that both are observed in the FGT. IIRC it was 2.5 MB = 25000000 bytes.
LeandroO
Did you find any solution for this problem? I'm with the same issue since I upgraded to 5.4.
My clients are coming with UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 encapsulation and it looks Fortigate is expecting UDP_ENCAPSULATION_MODE_TRANSPORT.
Best Regards,
Luiz
TIBarigui wrote:LeandroO
Did you find any solution for this problem? I'm with the same issue since I upgraded to 5.4.
My clients are coming with UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 encapsulation and it looks Fortigate is expecting UDP_ENCAPSULATION_MODE_TRANSPORT.
Best Regards,
Luiz
Hi, did you solve the problem? I have some issue with client's Android 5 device.
jc83419 wrote:Not yet. I opened a ticket with Fortinet but didn't have an answer yet, as usual.TIBarigui wrote:LeandroO
Did you find any solution for this problem? I'm with the same issue since I upgraded to 5.4.
My clients are coming with UDP_ENCAPSULATION_MODE_TRANSPORT_RFC3947 encapsulation and it looks Fortigate is expecting UDP_ENCAPSULATION_MODE_TRANSPORT.
Best Regards,
Luiz
Hi, did you solve the problem? I have some issue with client's Android 5 device.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1678 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.