Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
joey_KCARC
New Contributor

Created on ‎10-21-2020 02:04 PM

L2TP passthrough

Hello. We have an RRAS server (Windows Server 2016) for VPN Access. It is currently using PPTP and we are working on upgrading it to L2TP for more secured encryption. We are having trouble getting the L2TP pass through the FortiGate firewall from the internet. The setup works just fine if I connect to the server directly (internally), so I know it is the firewall. Logs are showing the policy is accepting IKE connection, but the VPN connection stuck at this step(in screenshots) below.

 

Screenshots for policy, VIPs, and Logs

[link]https://ibb.co/jHcGtCn[/link] [link]https://ibb.co/096vFNS[/link] [link]https://ibb.co/5M6NTm3[/link] [link]https://ibb.co/F6vMRVQ[/link] [link]https://ibb.co/YXBPvcj[/link]

 

FortiGate 90E, firmware v5.4.11,build8140 (GA)

 

Thanks for helping!

 

Preview file
107 KB
6141
0 Kudos
1 Solution
boneyard
Valued Contributor

Created on ‎10-22-2020 08:09 AM

as you do L2TP behind NAT this might be relevant: [link]http://woshub.com/l2tp-ipsec-vpn-server-behind/[/link]

 

if not i would first try with one IP to IP VIP and all services allow and no UTM to rule out some things there.

 

also in general have a look at upgrading 5.4 is unsupported i believe.

 

View solution in original post

4594
0 Kudos
2 REPLIES 2
boneyard
Valued Contributor

Created on ‎10-22-2020 08:09 AM

as you do L2TP behind NAT this might be relevant: [link]http://woshub.com/l2tp-ipsec-vpn-server-behind/[/link]

 

if not i would first try with one IP to IP VIP and all services allow and no UTM to rule out some things there.

 

also in general have a look at upgrading 5.4 is unsupported i believe.

 

4595
0 Kudos
joey_KCARC
New Contributor
In response to boneyard

Created on ‎10-22-2020 01:46 PM

Thank you!

 

Both the server and the client are behind NAT but only the server had enabled the NAT-T as the article mentioned. Changed the registry on the client, rebooted and it is working now!

 

4541
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.