Description
This article describes how to mitigate:
- Issues in establishing SSL VPN on a Windows server.
- Issues in establishing SSL VPN on the other Windows with enabling high security level on Internet Options.
Scope
FortiGate.
Solution
The error 'Unable to establish the VPN connection. The VPN server may be unreachable. (-14)' may appear on FortiClient 6.2.
The error 'Unable to logon to the server. Your user name or password may not be configure properly for this connection. (-12)' may appear on FortiClient 6.0.
In the VPN Events log, there is a successful login followed by a tunnel connection setup timeout.
Output from SSL VPN debugging:
rmt_web_auth_info_parser_common:470 no session id in auth info
rmt_web_access_check:723 access failed, uri=[/remote/fortisslvpn],ret=4103,
Another similar, related warning when connecting to SSL VPN:
The Internet zone in internet options will be forced to set 'High' as a security level.
In order to solve this issue, disable IE enhanced security configuration then reduce the security level from 'High' to 'Medium-high' or 'Medium'.
Note:
Starting from FortiOS v7.6.3, the SSL VPN tunnel mode will no longer be supported, and SSL VPN web mode will be called 'Agentless VPN'.
