PCNSE
NSE
StrongSwan
edit 6
    set srcintf "port15"
    set dstintf "EXT_NET01"
    set srcaddr "MGT_NET01"
    set dstaddr "all"
    set action ipsec
    set schedule "always"
    set service "ANY"
    set comments "L2TP_VPN for main admiistrators to management network"
    set inbound enable
    set outbound enable
    set vpntunnel "l2tp_dialupRA01"
next

yes... I have done that too... you see... :(
oh b4 I forget, you need a policy for the tunnel src back in also;

edit 8
    set srcintf "EXT_NET01"
    set dstintf "port15"
    set srcaddr "l2tp_RA01"
    set dstaddr "MGT_NET01"
    set action accept
    set schedule "always"
    set service "ANY"
next

Look at it this way, you allow external traffic in with action ipsec and then you allow the tunnel-srcs into the lan fw policies that you allow.

emnoc, would you please leave me a policy of IPsec? In the manual it says that from inside network to outside network it's going to be IPsec and from l2tp clients it always accept. The second policy makes sense, but I actually don't understand how to let the outside traffic in the network and tell the remote client to use the ipsec parameters I defined. I have an accept policy to the port I connect for ipsec with this valid IP, it is accepted but either it doesn't pass the ipsec parameters or I have some problem on my remote client.
So have you double checked the l2tp vpn client setup? If you have macosx, use that with verbose mode logging and look at any error info logged in the var directory.

I use windows, I should make a new vpn connection, right?? It is what the manual says, from manual:
In Network Connections, configure a Virtual Private Network connection to the FortiGate unit.
• Ensure that the IPSEC service is running.
• Ensure that IPsec has not been disabled for the VPN client. It may have been disabled to make the Microsoft VPN compatible with an earlier version of FortiOS.

Done the whole above, set the password and still not working... and here is my config on the host:

By the way, my phase 2 encapsulation is in transport mode, is that correct?