Hi Team,
I have IPsec IKE V1 remote access and I need to change it to V2.
After changing it to V2, I couldn't connect to the tunnel, and the logs give the warning below:
No response from the peer, phase1 retransmit reaches maximum count
Note that we use FortiAuthenticator with FortiGate.
My Config:
set type dynamic
set interface "IPSec"
set ike-version 2
set peertype any
set net-device enable
set mode-cfg enable
set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
set dpd on-idle
set idle-timeout enable
set idle-timeoutinterval 60
set ipv4-start-ip
set ipv4-end-ip
set ipv4-netmask
set dns-mode auto
set psksecret
What is the problem?
Thanks,
Could anyone help me?
After entering the token, it gives "VPN connection failed" in FortiClient but no error in FAC.
Maybe because the client uses EAP-GTC as shown in the above pictures?
Note that the failure from FG debug as below:
fnbamd debug:
[1862] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2
[323] extract_success_vsas-FORTINET attr, type 1, val VPN Users
fnbamd_dbg_hex_pnt[48] EAP msg from server (4)-03 01 00 04
[1449] fnbamd_auth_handle_radius_result-->Result for radius svr 'FortiAuthenticator' IP(1) is 0
[1608] fnbam_user_auth_group_match-req id: 952356062, server: FortiAuthenticator, local auth: 0, dn match: 0
[280] find_matched_usr_grps-Failed group matching
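An added example (not part of the original post and not Fortinet tooling): a short Python triage over the fnbamd debug lines quoted above, showing that they record a RADIUS Access-Accept and an EAP Success followed by a group-matching failure. The function names `triage` and `verdict` are hypothetical, and the sample input is the quoted debug output embedded as a constructed string.

```python
import re

# Constructed sample: the fnbamd debug lines quoted in the post above.
SAMPLE = """\
[1862] fnbamd_radius_auth_validate_pkt-RADIUS resp code 2
[323] extract_success_vsas-FORTINET attr, type 1, val VPN Users
fnbamd_dbg_hex_pnt[48] EAP msg from server (4)-03 01 00 04
[1449] fnbamd_auth_handle_radius_result-->Result for radius svr 'FortiAuthenticator' IP(1) is 0
[1608] fnbam_user_auth_group_match-req id: 952356062, server: FortiAuthenticator, local auth: 0, dn match: 0
[280] find_matched_usr_grps-Failed group matching
"""

# RADIUS packet codes (RFC 2865) and EAP codes (RFC 3748).
RADIUS_CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def triage(log):
    """Summarise one RADIUS/EAP exchange from fnbamd debug text."""
    out = {"radius": None, "eap": None, "groups": [], "group_match_failed": False}
    for line in log.splitlines():
        if m := re.search(r"RADIUS resp code (\d+)", line):
            code = int(m.group(1))
            out["radius"] = RADIUS_CODES.get(code, f"code {code}")
        elif m := re.search(r"FORTINET attr, type 1, val (.+)$", line):
            # Fortinet vendor attribute type 1 is Fortinet-Group-Name.
            out["groups"].append(m.group(1).strip())
        elif m := re.search(r"EAP msg from server \(\d+\)-([0-9a-fA-F ]+)$", line):
            pkt = bytes.fromhex(m.group(1))  # first byte is the EAP code
            out["eap"] = EAP_CODES.get(pkt[0], f"code {pkt[0]}")
        elif "Failed group matching" in line:
            out["group_match_failed"] = True
    return out

def verdict(r):
    """Turn the parsed fields into a one-line diagnosis."""
    if r["radius"] == "Access-Accept" and r["group_match_failed"]:
        return ("authenticated by RADIUS, rejected at group matching; "
                f"server returned group(s): {r['groups']}")
    if r["radius"] == "Access-Reject":
        return "rejected by the RADIUS server"
    return "inconclusive"

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result)
    print(verdict(result))
```

The result places the failure after authentication: the credentials and token were accepted, and the group name returned by the server is the value to compare against the groups the FortiGate is matching on.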
The latest update is that I configured the tunnel and I can connect, but without internet.
My policies include groups but when I remove those groups and replace them with "All" I'm able to connect.
In my environment I don't need to remove groups from policies.
Is there a solution for this issue?
In the tunnel config there is a command that should be specified (set authgrp " "). I've added one group, but how do I add multiple groups?