I want to set up remote access VPN on my FortiGate (v6.2) for both the Windows and the iOS/macOS native clients.
I tried the templated Windows Native and iOS Native wizards; each works well on its own.
However, when I enable both of them, only iOS Native works, and when I try to connect from Windows I see a message about the iOS Native interface in the VPN Events log. It seems like the FortiGate tries to handle the Windows VPN request with the iOS Native VPN.
Here is the actual config:
FGT81EXXXXXXXXX # show vpn ipsec phase1-interface
config vpn ipsec phase1-interface
    edit "l2tpIPsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set dpd on-idle
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set dhgrp 2
        set wizard-type dialup-windows
        set psksecret ENC r6a0aJ6ppiZcRsVyfZeYTfdJ4ZHw+GKaQEAmO9aEMwVYOYN5lHPqe82yzKCdQ/svXa8l/20THR9tFfrv5cFM9Rh0YJCbSCOWq8irpwx+i4BGtIpITPV9KjbUYon/I3QSNY6hZYbipreBa5oCl4zpzvxLqG9QdAsQ279DSCmrKiGKO51bDRN6vqCfBoBXta4Fhx4Ehg==
        set dpd-retryinterval 60
    next
    edit "ipsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set dpd on-idle
        set comments "VPN: ipsec (Created by VPN wizard)"
        set dhgrp 14 5 2
        set wizard-type dialup-ios
        set xauthtype auto
        set authusrgrp "VPN_Group"
        set ipv4-start-ip 10.2.6.1
        set ipv4-end-ip 10.2.6.254
        set ipv4-netmask 255.255.240.0
        set dns-mode auto
        set psksecret ENC LS9k7wvjeIi0WRlv4KnQOWspzF6ycJmIUHv3D2C8d+pahHjLQ4I8mhD4bpY3VoPGLimgisSWfYfzPmgu97AmzT3AEOnaF9vqwV3j6M+MXeWtv4XhnbKSXgFwOCThnMl8cM8x9yglNXMRaOKJ/ecEaXwGuISbACeu7F45NM1TzOFFn9QAQ5FNhzOKKeh/Gd+1er/LOA==
        set dpd-retryinterval 60
    next
end

FGT81EXXXXXXXXX # show vpn ipsec phase2-interface
config vpn ipsec phase2-interface
    edit "l2tpIPsec"
        set phase1name "l2tpIPsec"
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set pfs disable
        set encapsulation transport-mode
        set l2tp enable
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set keylifeseconds 3600
    next
    edit "ipsec"
        set phase1name "ipsec"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: ipsec (Created by VPN wizard)"
    next
end
Any luck getting this to work?
I'm trying to configure 2 Windows native VPNs (L2TP/IPsec), because I need different permissions on the VPNs. If I have only one configured it works; if I configure a second one, both will not work.
This can't be done. I found the explanation in this article:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD45747
suporte@sjosepneus.com wrote:
    This can't be done. I found the explanation in this article:
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD45747

Hate to bump this thread but I am also experiencing this problem. Did you find a solution? As per the article I am attempting to set up the IPsec VPN via the GUI and trying to connect from Windows via this guide:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/299180/configuration-overview
But I'm not having any luck. Can anyone guide me?
Probably you would have to tie each VPN to a remote peer ID. I ran into such issues with more than one dial-in tunnel on FGTs too. I had to separate them either by peer ID or by unique proposals.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
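As an added illustration of the two approaches the reply above describes (this is not config from the thread or from Fortinet's documentation), here is how the two dialup phase1-interface entries from the original post could be made distinguishable on the FortiGate CLI. In the posted config both tunnels accept `aes256-md5` and DH group 2, so a client offer can match either one. The tunnel and group names are the original poster's; the trimmed proposal lists, the `peerid` value and the assumption that each client still offers one of the remaining algorithms are mine. Lines starting with `#` are annotations, not CLI.

```text
# Option A (the reply's "unique proposals"): give each tunnel a disjoint set of
# IKE proposals and DH groups so a given client offer can only match one tunnel.
# The kept algorithms must still be ones the respective client actually offers;
# verify that against the client before trimming (assumption, not from the thread).
config vpn ipsec phase1-interface
    edit "l2tpIPsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set wizard-type dialup-windows
        set proposal 3des-sha1 aes192-sha1
        set dhgrp 2
    next
    edit "ipsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set wizard-type dialup-ios
        set mode-cfg enable
        set xauthtype auto
        set authusrgrp "VPN_Group"
        set proposal aes256-sha256 aes256-sha1
        set dhgrp 14 5
    next
end

# Phase 2 proposals kept consistent with the trimmed phase 1 lists.
config vpn ipsec phase2-interface
    edit "l2tpIPsec"
        set phase1name "l2tpIPsec"
        set proposal 3des-sha1 aes192-sha1
        set encapsulation transport-mode
        set l2tp enable
    next
    edit "ipsec"
        set phase1name "ipsec"
        set proposal aes256-sha256 aes256-sha1
    next
end

# Option B (the reply's "peer id"): accept only a specific remote IKE identity on
# one of the tunnels, so the other tunnel is the only one left for peers that do
# not send that ID. "example-peer-id" is a placeholder; this only helps where the
# client can be configured to send a local ID (assumption, not established here).
config vpn ipsec phase1-interface
    edit "ipsec"
        set peertype one
        set peerid "example-peer-id"
    next
end
```

To confirm which phase 1 the FortiGate actually selects for a given client, the IKE debug (`diagnose debug application ike -1` followed by `diagnose debug enable`) shows the incoming proposal and the tunnel name it was matched to, which is more precise than the VPN Events log entry the original post mentions.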
Copyright 2024 Fortinet, Inc. All Rights Reserved.