Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
banosr
New Contributor

Created on ‎08-30-2012 06:01 PM

iphone vpn not assigning ip

Hi: I created an ipsec-VPN to connect iphones to the voip PBX but I am not getting the ips assigned. This is my phase1 configuration. name : VPNPBX type : dynamic interface : port1 ip-version : 4 local-gw : 0.0.0.0 dpd : enable nattraversal : enable dhgrp : 2 proposal : aes256-md5 aes256-sha1 keylife : 28800 authmethod : psk peertype : dialup xauthtype : auto mode : main mode-cfg : enable localid : (null) localid-type : auto authusrgrp : VPNPBX default-gw : 0.0.0.0 default-gw-priority : 0 dpd-retrycount : 3 dpd-retryinterval : 5 usrgrp : VPNPBX assign-ip : enable mode-cfg-ip-version : 4 assign-ip-from : range add-route : enable ipv4-start-ip : 192.168.20.1 ipv4-end-ip : 192.168.20.20 ipv4-netmask : 255.255.255.0 ipv4-dns-server1 : 0.0.0.0 ipv4-dns-server2 : 0.0.0.0 ipv4-dns-server3 : 0.0.0.0 ipv4-wins-server1 : 0.0.0.0 ipv4-wins-server2 : 0.0.0.0 ipv4-exclude-range: ipv4-split-include : PBX unity-support : enable domain : (null) banner : (null) psksecret : * keepalive : 10 distance : 1 priority : 0 Any ideas will be greatly appreciated
Ricardo
984
0 Kudos
3 REPLIES 3
Kess
New Contributor

Created on ‎09-04-2012 06:16 AM

There' s how it works for me: - config vpn ipsec phase1-interface 
 edit " iPhone" 
     set type dynamic
     set interface " wan1" 
     set dhgrp 2
     set xauthtype auto
     set mode-cfg enable
     set proposal aes256-md5 aes256-sha1
     set negotiate-timeout 15
     set authusrgrp " iPhone-VPN" 
     set ipv4-start-ip 10.0.0.1
     set ipv4-end-ip 10.0.0.254
     set ipv4-netmask 255.255.255.0
     set ipv4-dns-server1 192.168.0.254
     set ipv4-wins-server1 192.168.0.254
     set ipv4-split-include " NET-INT" 
     set domain " my-internal-domain-name.lan" 
     set psksecret ENC <My_Secret_ENC_Password>
 next
- config vpn ipsec phase2-interface 
 edit " iPhone-P2" 
     set keepalive enable
     set phase1name " iPhone" 
     set proposal aes256-md5 aes256-sha1
     set dhgrp 2
 next
where: - the group " iPhone-VPN" is just a firewall group containing the users allowed to use this IPSec VPN - the network 10.0.0.0/24 is a dedicated network where only IPSec-VPN devices will stay - the network 192.168.0.0/24 is my internal computers network - the object " NET-INT" is an address object containing 192.168.0.0/24 Remember to setup your policies ! hope it helps. Bye Kess.
568
0 Kudos
banosr
New Contributor

Created on ‎09-10-2012 12:49 PM

I think everything is configured fine but in the log I get: check for IP assignement method ... No IP assignmet method defined In my phase1 configuration I specify assign-ip-from range Any ideas
Ricardo
568
0 Kudos
banosr
New Contributor

Created on ‎09-10-2012 01:09 PM

Finally got it working but I don' t understand why. I turned off pfs in phase2 and connected just once and then started getting errors, then I enabled pfs and is working fine. I configured phase 1 and 2 via the gui and just used the cli to setup mode-cfg and ipv4
Ricardo
568
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.