vpn in transparent mode not working
Hello, I am trying to connect my FortiClient to the firewall using IPsec VPN. The firewall runs in transparent mode behind a Comcast router. The router has DHCP and gives out 10.1.10.x, but my clients have static IPs with a subnet like 23.33.33.x/255.255.255.224. I was able to connect using firmware version 3, but it does not work on version 5. I have a vpnusers group that authenticates no problem. The error seems to be related to not having an IP. I might need 1-to-1 NAT.

    dec DA96AFFC4245BFFDFE180ABE1B748F50081006017B4FB221000000540E0000144671079BCF6AC09B16A2AE5C825ABC2D0000001F0200EF62C08800004089000474657374408A00077465737431323384F3E9E004
    2016-04-22 08:57:34 ike 0:ong-vpn_0:58: received XAUTH_USER_NAME 'test' length 4
    2016-04-22 08:57:34 ike 0:ong-vpn_0:58: received XAUTH_USER_PASSWORD length 7
    2016-04-22 08:57:34 ike 0:ong-vpn_0: XAUTH user "test" in group 'vpnusers' (1)
    2016-04-22 08:57:34 ike 0:ong-vpn_0: XAUTH succeeded for user "test"
    2016-04-22 08:57:35 ike 0:ong-vpn_0:58: mode-cfg type 1 request 0:''
    2016-04-22 08:57:35 ike 0:ong-vpn_0:58: mode-cfg not enabled, ignoring Configuration Method Request
    2016-04-22 08:57:39 ike 0:ong-vpn_0: link is idle 0 23.33.33.2->10.1.10.12:0 dpd=1 seqno=1
    2016-04-22 08:57:39 ike 0:ong-vpn_0:58: send IKEv1 DPD probe, seqno 1
    2016-04-22 08:57:50 ike 0:ong-vpn_0: deleting
    2016-04-22 08:57:50 ike 0:ong-vpn_0: flushing
    2016-04-22 08:57:50 ike 0:ong-vpn_0: sending SNMP tunnel DOWN trap
    2016-04-22 08:57:50 ike 0:ong-vpn_0: flushed
    2016-04-22 08:57:50 ike 0:ong-vpn_0: delete dynamic
    2016-04-22 08:57:50 ike 0:ong-vpn_0: deleted
    2016-04-22 08:57:55 ike shrank heap by 4096 bytes

Here is part of the IPsec config:

    config vpn ipsec phase1
        edit "ong-vpn"
            set type dynamic
            set mode aggressive
            set xauthtype pap
            set proposal 3des-sha1 3des-md5
            set negotiate-timeout 15
            set xauthexpire on-rekey
            set authusrgrp "vpnusers"
            set psksecret ENC Kj/uG7anrX1HPHsK7S4vYQJAL/v4APWAGIsXQYlddgEq530JKxakMNWmR8VM7jTpyZ9X9jDFrjW1Qv5GIUyE7lrcfr+scEWcRXvj/vqZSYZDpFbS3qipnsqLifa2009tzA+QFqM9BBn8jXFFii8bXgbqHFTMdaZcpqwz+Q==
        next
    end
    config vpn ipsec phase2
        edit "fg-ong-vpn"
            set phase1name "ong-vpn"
            set proposal 3des-sha1 3des-md5
            set keepalive enable
            set single-source enable
            set keylifeseconds 3600
            set src-subnet 23.33.33.0 255.255.255.224
        next
    end
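An added example, not part of the original post: the `dec` line in IKE debug output is the decrypted ISAKMP message, so it can carry the XAUTH password in clear even though the log line next to it prints only the password length. The Python below walks the payloads of such a dump and blanks the password attribute before a log is shared; the function names and the sample bytes are constructed for illustration and are not taken from the post.

```python
import struct

XAUTH = {16520: "XAUTH_TYPE", 16521: "XAUTH_USER_NAME", 16522: "XAUTH_USER_PASSWORD"}
ATTRIBUTE_PAYLOAD = 14   # ISAKMP payload type that carries Mode-Config / XAUTH attributes

def find_attributes(data):
    """Yield (name, value_offset, value_length) for each attribute in a decrypted message."""
    if len(data) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    payload_type = data[16]                      # "next payload" field of the header
    end = min(struct.unpack(">I", data[24:28])[0], len(data))
    off = 28
    while payload_type != 0 and off + 4 <= end:
        following, _, plen = struct.unpack(">BBH", data[off:off + 4])
        if plen < 4 or off + plen > end:
            raise ValueError("payload length runs past the message")
        if payload_type == ATTRIBUTE_PAYLOAD:
            i = off + 8                          # skip generic header, type, reserved, identifier
            while i + 4 <= off + plen:
                raw, val = struct.unpack(">HH", data[i:i + 4])
                if raw & 0x8000:                 # AF bit set: 2-byte value stored inline
                    start, length = i + 2, 2
                else:                            # AF bit clear: val is the length that follows
                    start, length = i + 4, val
                if start + length > off + plen:
                    raise ValueError("attribute runs past its payload")
                yield XAUTH.get(raw & 0x7FFF, str(raw & 0x7FFF)), start, length
                i = start + length
        payload_type, off = following, off + plen   # trailing cipher padding is never parsed

def attributes(dump_hex):
    data = bytes.fromhex(dump_hex)
    return [(name, data[s:s + n]) for name, s, n in find_attributes(data)]

def redact(dump_hex, secret=("XAUTH_USER_PASSWORD",)):
    """Return the dump with the values of secret attributes overwritten by 'x' bytes."""
    data = bytearray.fromhex(dump_hex)
    for name, start, length in find_attributes(bytes(data)):
        if name in secret:
            data[start:start + length] = b"x" * length
    return data.hex().upper()

# Constructed sample: header, hash payload, attribute payload (user "alice", password "secret"), padding
SAMPLE = (
    "1111111111111111" "2222222222222222" "08100601" "00000001" "00000054"
    "0E000014" + "AA" * 16 +
    "0000001F" "0200" "0001" "C0880000"
    "40890005" "616C696365" "408A0006" "736563726574" "0000000004"
)
```

Overwriting bytes in place keeps every length field valid, so the redacted dump still parses and can be posted alongside the rest of the debug output.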
