I have a client with a vendor who insists on using their own IPSec client. I'm getting phase1 errors in the log.
Dialup IPSec was created with the wizard. What settings should a non-FortiClient user have?
Norris Carden
Fortinet XTreme Team USA (2015, 2016)
CISSP (2005), CISA (2007), NSE4 (2016)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What phase1 errors are you seeing? that would determine the issue(s);
e.g
PSK mismatches
proposal no match
etc..
If your in doubt on the proposal enable a few others and see if the clients get out of the phase1-errors
e.g
AES128 and 192 and 256 and 3DES
SHA1 and MD5
Your debug diagnostic should most of what the client is sending and you need to match the proposal.
http://socpuppet.blogspot...-trouble-shooting.html
Ken
PCNSE
NSE
StrongSwan
Would be helpful to name the other vendor as others might have experience with their products.
For example, there are clients that use IKEv2, default on a Fortigate is IKEv1. It still is capable of doing IKEv2, you just have to know in advance what the client expects.
I have no idea what client they are using. All I have seen is phase1 failure, not sure why.
Norris Carden
Fortinet XTreme Team USA (2015, 2016)
CISSP (2005), CISA (2007), NSE4 (2016)
Than you need to enable a few proposal and try a hit and miss until you find proposal set that works.
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.