Created on 11-27-2010 06:31 AM
Unable to bring down IPSec VPN Tunnel
Hi,
I've configured an FG200B as IPSec VPN Dialup Server; clients establish tunnels using FortiClient. But I'm unable to bring down the tunnel from IPSec--->Monitor. Even after clicking Bring down, the tunnel is still up :(
Using OS 4.2 patch2.
Any idea???
Thanks
Wasn't sure if more than one QM selector was used. You could always go in and mangle the QM selector in question. The phase 2 definitions would then not match and the tunnel will (should) drop. Change the subnet or one octet and save it. This should be enough to fail the relationship.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thanks,
The QM selector is the same for all dialup clients.
FortiClients will be using Automatic configuration.
Regards,
Zeeshan
You could set it up like this:
- set up local users on the FG (name+password)
- configure each Fclient with localID==username and PSK==password_for_this_user.
You can then either delete the user, change his password or just disable him/her temporarily.
It's one of the common scenarios explained in the IPSec VPN Handbook.
Ede Kernel panic: Aiee, killing interrupt handler!
This will work, but FortiClients will be on automatic configuration, and they are authenticated using a RADIUS server.
What will stop you from taking a user out of RADIUS then??
RADIUS or local user list, both are equivalent in this respect.
Ede Kernel panic: Aiee, killing interrupt handler!
The user is successfully disconnected from RADIUS, but the FG doesn't go for authentication again.