Created on
‎04-23-2025
03:43 AM
Edited on
‎04-23-2025
05:35 AM
By
Jean-Philippe_P
Hello,
I need help to configure IPsec VPN on my FortiGate.
I have created the users and configured the tunnel, but I can't access it via FortiClient.
I really need your help.
Hi,
Can you please share the output of the ipsec configuration ( and sanitize/hide sensitive information like public IP and PSK ) and describe the issue that you have ?
show vpn ipsec phase1-interface
show vpn ipsec phase2-interface
Created on
‎04-23-2025
04:21 AM
Edited on
‎04-23-2025
05:36 AM
By
Jean-Philippe_P
The following are my config:
Created on ‎04-23-2025 04:30 AM Edited on ‎04-23-2025 04:34 AM
ok, base on your output the forticlient vpn configuration should look something like this :
where the Pre-shared key is what you have configured and if you have a peer id configured you should put it in the Local ID field.
afterwards, you should have firewall rules from the source interface Access-Distant and source address object range 172.16.10.10-172.16.10.20 to whatever destination interface and destination object you need.
L.E. in order to try and debug the issue that you have, you should look at https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPN-tunnels/ta-p/195955 and start the debug, then initiate a connection.
Yes, but it doesn't work.
you would need to share some debug output and share more info about the issue that you encounter while trying to connect.
since it's a private ip configured on wan, are you trying to connect from lan and test it ? if so, do you have a firewall policy between the network segments that allows the connection ?
When I test access via Forticlient, I get the following error message: "The VPN connection to the cloud was not established."
What could be causing this?
could be a couple of things.
start by confirming that traffic for IPsec VPN is allowed, using commands from here - https://community.fortinet.com/t5/FortiGate/Technical-Tip-Debug-flow-tool/ta-p/213238
if everything suggests that traffic is passing then start doing a debug for ipsec using the link above.
you can later share the output of the debugs here.
what version of FortiOS are you running on the 90G ?
v7.0.12
My WAN interface has a private address, not a public address.
User | Count |
---|---|
2530 | |
1350 | |
795 | |
639 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.