Hi Team,
I've configured IPsec IKEv2 VPN with all required configs.
My problem is I can connect without internet because the traffic to the DNS passes through a deny policy as I'm using full tunnel.
I created another test policy at the top of the policies, but there is no internet, and once I remove the group from that policy I can connect to the internet.
Note that the group in that policy is also added in authgrps in the tunnel configs and I'm using FAC in my structure.
This screenshot is after removing the group, and the internet is allowed.
Thanks.
alaaelrayes,
Seems like the issue is with group matching on FAC. In order to isolate that, please configure a test local user and check if it works.
Regards
Nagaraju.
Local account on FAC or FG?
I created a local account and a group on FG and I updated that in tunnel authgrp, but I get the same issue.
If I change the tunnel back to IKEv1, it works fine, and this issue occurs only with IKEv2.
Issue solved by adding the groups from FSSO.
Thanks all