Hello guys,
I'm trying to set up an IPsec VPN on a FortiGate 60C; the firmware version is v4.0,build5367,101109 (MR2).
I have created Phase 1 and Phase 2.
Phase 1 settings:
Aggressive mode,
Blank preshared key,
Accept peer ID in dialup group "User group",
IKE version 1,
Local Gateway IP: Main interface IP
P1 proposal:
1 3DES - SHA1
2 AES128 - SHA1
DH Group: 5, Dead Peer Detection.
Phase 2 settings:
P2 proposal:
1 3DES - SHA1
2 AES128 - SHA1
Enable replay detection
Enable perfect forward secrecy (PFS)
DH Group 5
Autokey Keep Alive
DHCP-IPsec
Quick Mode Selector
Source address: 0.0.0.0/0
Source port: 0
Destination address: 0.0.0.0/0
Destination port: 0
Protocol: 0
Created 2 firewall rules: one using the VPN interface pointing to internal and another one from internal to the VPN interface.
Both rules have: Accept action, No NAT, service ANY.
I also created a DHCP server, type IPsec, assigned a free IP range on my internal network; the default gateway is the internal FortiGate interface.
The problem is, when I try to connect through FortiClient I'm not able to. When I check the event log on the FortiGate the error message is "IPsec phase 2 error", with the error reason "no matching gateway for new request".
I've also checked the firewall on the client, to see if it is open for IPsec requests.
Is this a wrong Phase 2 config?
Peer ID problem?
To connect I'm using the username and password that the user has on the FortiGate; this user is associated with the user group in the Phase 1 config.
I appreciate any help.
Leandro
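As an added illustration (not from the original post), here is what the Phase 1 and Phase 2 settings described above look like in FortiOS 4.0 CLI form, followed by the IKE debug commands used to see where a dialup negotiation stops. The WAN interface name "wan1", the tunnel names and the redacted PSK are assumptions.

```text
# Phase 1: dialup (dynamic) peer, aggressive mode, peer ID checked against the user group
config vpn ipsec phase1-interface
    edit "dialup_p1"
        set type dynamic
        set interface "wan1"            # assumed name of the main interface
        set mode aggressive
        set peertype dialup
        set usrgrp "User group"         # the group the FortiClient user belongs to
        set proposal 3des-sha1 aes128-sha1
        set dhgrp 5
        set dpd enable
        set psksecret <redacted>
    next
end

# Phase 2: wildcard selectors, PFS with DH group 5, replay detection, keepalive, DHCP over IPsec
config vpn ipsec phase2-interface
    edit "dialup_p2"
        set phase1name "dialup_p1"
        set proposal 3des-sha1 aes128-sha1
        set pfs enable
        set dhgrp 5
        set replay enable
        set keepalive enable
        set dhcp-ipsec enable
    next
end

# Diagnostics: watch the IKE daemon while a client connects, then list gateways and tunnels
diagnose vpn ike log-filter clear
diagnose debug application ike -1
diagnose debug enable
# ... attempt the FortiClient connection now ...
diagnose vpn ike gateway list
diagnose vpn tunnel list
diagnose debug disable
```

The IKE debug output shows which proposal, peer ID or selector the gateway rejected, which is more specific than the "no matching gateway for new request" event-log entry.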