Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
LGPC
New Contributor

VPN wrong Username/Password?

Hello,

 

a short time ago I changed to NAT mode and now I want to connect with SSL VPN from everywhere to my Network.

I configured everything and entered the CORRECT username and password in the VPN client on my notebook. I also addet my vpn user to a group which hast full SSL VPN Access. But everytime I connect it says: Can´t login username or password might be wrong (-12)

Has anyone a idea why this isn´t working?

1 Solution
Dipen
New Contributor III

So you have not able to connect on default 10443 port. What alternate port are you using. If you have changed port in Portal, you need to change port in SSL-VPN client as well.

If it is a port issue then Portal should not open at all. Authentication should not be an issue with VPN Portal Port.

 

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

View solution in original post

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
8 REPLIES 8
evince
New Contributor

Hello,

 

Did you assign your group to the policy?

LGPC
New Contributor

Thanks,

 

I added my vpnuser Group to my VPN Policy and did everything like I saw in in different videos and docs. But  it wont connect. At 80% there is this -12 error.

evince
New Contributor

Hello,

 

Try via your portal : https://yourip:10443

 

Then check the logs, maybe they'll help you and show you where the problem is.

Dipen
New Contributor III

Firstly are you using a local user database or a remote Server as Active Directory (LDAP) ?

In case of local user , please confirm the local user is not disabled.

 

please confirm the FortiOS version with a snapshot of the policy.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
emnoc
Esteemed Contributor III

Suggestion:

 

Instead of guessing, why don't you use  the diagnostics

 

diag debug reset

diag debug en

diag debug app sslvpn -1

 

It will probably show exactly what the problem(s)

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
LGPC
New Contributor

Ok guys, thanks for your answers.

 

I changed the HTTPS port to another port and now I can connect to the web interface (portal) of the SSL connection.

At the portal I can click connect in the section tunnel mode. Then the forticlient automatically connects to my VPN an i can Access the Internet over it. If I do the same when I´m not logged in in the portal (only in in the fortclient) then it says again wrong username / password (-12) so I think my policy is correct. But why can´t I login to the VPN with the FortiCLient ony?

Dipen
New Contributor III

So you have not able to connect on default 10443 port. What alternate port are you using. If you have changed port in Portal, you need to change port in SSL-VPN client as well.

If it is a port issue then Portal should not open at all. Authentication should not be an issue with VPN Portal Port.

 

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

 

Ahead of the Threat. FCNSA v5 / FCNSP v5 Fortigate 1000C / 1000D / 1500D
LGPC
New Contributor

Yeah your last sentence was my answer!

 

I used the SSL port in the Forticlient. Now I tried the Portal port and it finally works!

 

Thanks a lot

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors