# diagnose debug application sslvpn -1After running try to connect again and use the below command to disable.
# diagnose debug application fnbamd -1
# diagnose debug enable
# diagnose debug disableAnd compare the debugs.
[174:root:0]SND: IPCP Configure_Request id(1) [IP_Address 49.248.92.130]Not working.
[174:root:0]RCV: IPCP Configure_Request id(1) [IP_Address 0.0.0.0] [Primary_DNS_IP_Address 0.0.0.0] [Seconday_DNS_IP_Address 0.0.0.0]
[174:root:0]ipcp: returning Configure-NAK
[174:root:0]SND: IPCP Configure_Nak id(1) [IP_Address 10.212.134.201] [Primary_DNS_IP_Address 192.168.1.7] [Seconday_DNS_IP_Address 192.168.1.7]
[174:root:0]RCV: IPCP Configure_Ack id(1) [IP_Address 49.248.92.130]
[174:root:0]RCV: IPCP Configure_Request id(2) [IP_Address 10.212.134.201] [Primary_DNS_IP_Address 192.168.1.7] [Seconday_DNS_IP_Address 192.168.1.7]
[174:root:0]ipcp: returning Configure-ACK
[174:root:0]SND: IPCP Configure_Ack id(2) [IP_Address 10.212.134.201] [Primary_DNS_IP_Address 192.168.1.7] [Seconday_DNS_IP_Address 192.168.1.7]
[174:root:0]ipcp: up ppp:0x55e45000 caller:0x55cd3b00 tun:31
[175:root:0]SND: IPCP Configure_Request id(1) [IP_Address 49.248.92.130]Do the below changes and test again.
[175:root:0]RCV: IPCP Configure_Request id(1) [IP_Address 0.0.0.0]
[175:root:0]ipcp: returning Configure-NAK
[175:root:0]SND: IPCP Configure_Nak id(1) [IP_Address 10.212.134.202]
[175:root:0]RCV: IPCP Configure_Reject id(1) [IP_Address 49.248.92.130]
[175:root:0]SND: IPCP Configure_Request id(2) [IP_Addresses Internet_Addresses(deprecated)]
[175:root:0]RCV: IPCP Configure_Request id(2) [IP_Address 10.212.134.202]
[175:root:0]ipcp: returning Configure-ACK
[175:root:0]SND: IPCP Configure_Ack id(2) [IP_Address 10.212.134.202]
[175:root:0]RCV: IPCP Configure_Reject id(2) [IP_Addresses Internet_Addresses(deprecated)]
[175:root:0]SND: IPCP Configure_Request id(3)
[175:root:0]RCV: IPCP Configure_Ack id(3)
[175:root:0]ipcp: up ppp:0x55cfc000 caller:0x55cd3b00 tun:31
[175:root:0]Cannot determine ethernet address for proxy ARP
[175:root:0]local IP address 49.248.92.130
[175:root:0]remote IP address 10.212.134.202
[175:root:1e9]sslvpn_ppp_associate_fd_to_ipaddr:279 associate 10.212.134.202 to tun (ssl.root:31)
[174:root:1e7]Timeout for connection 0x55cd4400
# config vpn ssl settings
set dns-suffix
"domain1.com;domain2.com;domain3.com;domain4.com;domain5.com;domain6.com;domain7.com;domain8.com" <----- (Example).
set dns-server1 x.x.x.x <----- (DNS server IP).
end
# config vpn ssl web portalThen kill all the ssl vpn process by using the command.
edit "full-access"
set dns-server1 x.x.x.x <----- (DNS server IP).
set split-tunneling enable
next
fnsysctl killall sslvpndRefer this to pages 4 and 5 of this link:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.