Hello. We have an RRAS server (Windows Server 2016) for VPN access. It is currently using PPTP and we are working on upgrading it to L2TP for more secure encryption. We are having trouble getting L2TP to pass through the FortiGate firewall from the internet. The setup works just fine if I connect to the server directly (internally), so I know it is the firewall. Logs are showing the policy is accepting the IKE connection, but the VPN connection gets stuck at the step shown in the screenshots below.
Screenshots for policy, VIPs, and logs:
https://ibb.co/jHcGtCn https://ibb.co/096vFNS https://ibb.co/5M6NTm3 https://ibb.co/F6vMRVQ https://ibb.co/YXBPvcj
FortiGate 90E, firmware v5.4.11,build8140 (GA)
Thanks for helping!
As you do L2TP behind NAT, this might be relevant: http://woshub.com/l2tp-ipsec-vpn-server-behind/
If not, I would first try with one IP-to-IP VIP, all services allowed and no UTM, to rule out some things there.
Also, in general, have a look at upgrading; 5.4 is unsupported, I believe.
Thank you!
Both the server and the client are behind NAT, but only the server had NAT-T enabled as the article mentioned. Changed the registry on the client, rebooted, and it is working now!
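The client-side check and change described in the reply above, as an added example that is not part of the original thread. The thread does not name the registry value; this assumes it is the documented Windows NAT-T setting `AssumeUDPEncapsulationContextOnSendRule` under the `PolicyAgent` service key, and the function names are hypothetical.

```powershell
# Added example: audit, and optionally set, the Windows NAT-T policy used by L2TP/IPsec.
# Assumption: the "registry change" in the thread is this documented DWORD value.
#   0 = no security associations with servers behind NAT (default)
#   1 = server may be behind NAT
#   2 = both client and server may be behind NAT
$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
$Name = 'AssumeUDPEncapsulationContextOnSendRule'

function Get-NatTPolicy {
    # Hypothetical helper: report the current setting on this machine.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    # A missing value behaves like the default, 0.
    $value = if ($null -ne $prop) { [int]$prop.$Name } else { 0 }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ValuePresent = ($null -ne $prop)
        Value        = $value
        BothSidesNat = ($value -eq 2)
    }
}

function Set-NatTPolicy {
    # Hypothetical helper: write the value; honours -WhatIf and -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(0, 2)][int]$Value = 2)
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "Set DWORD to $Value")) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
            -Value $Value -Force | Out-Null
        Write-Warning 'Reboot before testing; the thread reports the change working after a reboot.'
    }
}

# Run on BOTH the RRAS server and the VPN client (elevated prompt):
# in the thread only the server had the value set, and the tunnel stalled after IKE.
$state = Get-NatTPolicy
$state
if (-not $state.BothSidesNat) {
    Set-NatTPolicy -Value 2 -WhatIf   # drop -WhatIf to apply the change
}
```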