I have a client with a vendor who insists on using their own IPSec client. I'm getting phase1 errors in the log.
Dialup IPSec was created with the wizard. What settings should a non-FortiClient user have?
Fortinet XTreme Team USA (2015, 2016)
CISSP (2005), CISA (2007), NSE4 (2016)
What phase1 errors are you seeing? that would determine the issue(s);
proposal no match
If your in doubt on the proposal enable a few others and see if the clients get out of the phase1-errors
AES128 and 192 and 256 and 3DES
SHA1 and MD5
Your debug diagnostic should most of what the client is sending and you need to match the proposal.
Would be helpful to name the other vendor as others might have experience with their products.
For example, there are clients that use IKEv2, default on a Fortigate is IKEv1. It still is capable of doing IKEv2, you just have to know in advance what the client expects.
I have no idea what client they are using. All I have seen is phase1 failure, not sure why.
Than you need to enable a few proposal and try a hit and miss until you find proposal set that works.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.