Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Created on ‎05-18-2022 04:03 AM Edited on ‎05-18-2022 04:13 AM

VPN wizard change remote subnet

Hi,

I have created vpn for native windows client during a setup I chose subnet range for a client, now I need to change that settings but I don't see that setting in tunnel settings, even in CLI I don't see this, where it is applied?

 

 

Router (VPN_ipsec) # get
name                : VPN_ipsec
type                : dynamic
interface           : port24
ip-version          : 4
ike-version         : 1
local-gw            : 0.0.0.0
keylife             : 86400
authmethod          : psk
mode                : main
peertype            : any
net-device          : disable
exchange-interface-ip: disable
mode-cfg            : disable
proposal            : aes256-md5 3des-sha1 aes192-sha1
add-route           : enable
localid             :
localid-type        : auto
negotiate-timeout   : 30
fragmentation       : enable
ip-fragmentation    : post-encapsulation
dpd                 : on-demand
forticlient-enforcement: disable
comments            : VPN:
npu-offload         : enable
dhgrp               : 2
suite-b             : disable
wizard-type         : dialup-windows
xauthtype           : disable
idle-timeout        : disable
ha-sync-esp-seqno   : enable
auto-discovery-sender: disable
auto-discovery-receiver: disable
auto-discovery-forwarder: disable
nattraversal        : enable
rekey               : enable
enforce-unique-id   : disable
fec-egress          : disable
fec-ingress         : disable
default-gw          : 0.0.0.0
default-gw-priority : 0
tunnel-search       : selectors
psksecret           : *
keepalive           : 10
distance            : 15
priority            : 0
dpd-retrycount      : 3
dpd-retryinterval   : 20

 

 

 

 

Labels:
3168
0 Kudos
11 REPLIES 11
Tutek
Contributor

Created on ‎05-18-2022 07:49 AM

This is strange, with setting "set enforce-ipsec disabled"

-when on windows native client I leave ipsec type as Automatic - then connection is established but with not encryption only ms-chap-2.

-when on native windows client I choose ipsec as l2tp/ipsec with pre shared key and then insert key - connection is established with ipsec encryption 3des.

-If on fortigate I change l2tp settings to "set enforce-ipsec enabled" I cannot more connect in either way.

569
0 Kudos
vsahu
Staff
Staff
In response to Tutek

Created on ‎05-19-2022 12:29 AM

Can you take the debug and reproduce the issue for all the scenarios

 

diagnose debug reset
diagnose debug disable

diagnose debug application ike -1

diagnose debug application l2tp -1

diagnose debug enable


Regards,
Vishal
539
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.