Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎03-12-2010 09:29 AM

PPTP configuration on 4.0.3 firmware

Hello everyone, how/where to configure the PPTP vpn with the new 4.0.3 firmware (fortigate 50b) ? I was used to do this with the old firmware..it was clearly under the " VPN" menu, but now, no way to find it :p if someone could point me to the right direction it would be nice thanks ! Andreas
2443
0 Kudos
13 REPLIES 13
abelio
SuperUser
SuperUser

Created on ‎03-12-2010 10:43 AM

Hello and welcome, pptp was moved from standard gui; you can configure with CLI if your want or if your prefer do that using GUI, you' ll need to learn how customize GUI (4.0 new feature) everything is explained in detail in Admin Guide for 4.0 at http://docs.fortinet.com/fgt.html

regards




/ Abel

regards / Abel
1337
0 Kudos
Not applicable

Created on ‎03-13-2010 06:08 AM

I´ve got a problem with PPTP configuration, too. As soon as I type " set sip 192.168.33.220" (for example) on the CLI - I get the following error message:
FGT80C3909637XXX # config vpn pptp FGT80C3909637XXX (pptp) # set sip 192.168.33.220 command parse error before ' sip' Command fail. Return code -61 FGT80C390963XXX (pptp) #
FortiOS version 4.0000 By the way - I tried to configure L2TP, too - but as soon as I type the CLI command " set encapsulation transport-mode" - the same error appears. What am I doing wrong? Thanks in advance!
1337
0 Kudos
abelio
SuperUser
SuperUser
In response to

Created on ‎03-13-2010 06:25 AM

FGT80C3909637XXX (pptp) # set sip 192.168.33.220 command parse error before ' sip' Command fail. Return code -61 FGT80C390963XXX (pptp) #
As described in documentation http://docs.fortinet.com/fgt/html/fortigate-admin/wwhelp/wwhimpl/js/html/wwhelp.htm you need to define ' ip-mode' parameter before. If you want to define a range there, set that parameter to ' range' ; otherwise ip-mode defined to usrgrpp will obtain IPs from pptp-users group definition.
By the way - I tried to configure L2TP, too - but as soon as I type the CLI command " set encapsulation transport-mode" - the same error appears. What am I doing wrong?
this is a different thing; that command it' s not available to configure under l2tp. by the book: 
 config vpn l2tp
   set eip <address_ipv4>
   set sip <address_ipv4>
   set status {disable | enable}
   set usrgrp <group_name>
 end

regards




/ Abel

regards / Abel
1337
0 Kudos
Not applicable

Created on ‎03-13-2010 07:26 AM

Thank you very much for your answer - but its not that easy. Same error message:
FGT80C3909637XXX # config vpn pptp FGT80C3909637XXX (pptp) # set ip-mode range command parse error before ' ip-mode' Command fail. Return code -61 FGT80C3909637XXX (pptp) #
1337
0 Kudos
laf
New Contributor II

Created on ‎03-15-2010 02:15 AM

Weird. Let s do it again: Define a firewall a local user and then a firewall group: PPTP-GR. Then: configure vpn pptp set status enable set sip 172.16.10.1 set eip 172.16.10.25 set usrgrp PPTP-GR set ip-mode range end Good luck!

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
1337
0 Kudos
Not applicable

Created on ‎03-15-2010 04:50 AM

Thank you very much! The trick was to change the order - first " set status enable" and then the ip-ranges. Anyway, I don´t get it to work. The connection seems to work fine and my client has got an IP from the defined range. But I can´t reach any servers at the connected private network. What could be wrong? Do I have to assign special firewall policies?
1337
0 Kudos
rwpatterson
Valued Contributor III
In response to

Created on ‎03-15-2010 05:32 AM

On the client side, retrieve the remote gateway.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
1337
0 Kudos
Not applicable

Created on ‎03-15-2010 04:09 PM

thank you very much guys after reading u, i finally got it.. the computer man becomes lazy with all those guy' s xD
1337
0 Kudos
Not applicable

Created on ‎03-15-2010 04:15 PM

@abello: Regarding my L2TP configuration question what may be wrong with the " set encapsulation transport-mode" ....you wrote:
this is a different thing; that command it' s not available to configure under l2tp. by the book: config vpn l2tp set eip <address_ipv4> set sip <address_ipv4> set status {disable | enable} set usrgrp <group_name> end
I found this syntax in the IPSEC guide FortiOS 4.0 MR1 book on page 143:
Make this a transport-mode VPN. You must use the CLI to do this. If your phase 2 name is dialup_p2, you would enter: config vpn ipsec phase2 edit dialup_p2 set encapsulation transport-mode end
It seems as if there are a lot of misunderstandable sentences and declarations in the PDF files provided by Fortinet?!I So far, I am really happy with the product, but I would not have been able to set ip up correctly without the help of this great forum. I understand that Fortinet wants to sell their certification trainings but...
1337
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.