IPSEC VPN for remote users - no matching gateway for new request
I'm new to FortiGate firewalls, but a client just got a 60C (MR3 Patch 12) they want to use with the FortiClient for remote IPSEC VPN connections.
I found a how-to guide for this in the FortiOS Cookbook (http://docs.fortinet.com/cb/html/index.html#page/FOS_Cookbook/IPSec/cb_ipsecvpn_forticlient.html), but when I try to have a client connect it fails, and the console log shows the following:
Virtual Domain root
Message IPsec phase 1 error
IPSec Remote IP 
IPSec Local IP 
Remote Port 6893
Outgoing Interface wan1
Local Port 500
XAUTH User N/A
XAUTH Group N/A
VPN Tunnel N/A
Error Reason no matching gateway for new request
Peer Notification N/A
Any ideas what I missed? I tried 2x following the cookbook so far, but same results each time.
Thanks for your thoughts!
The FortiOS Cookbook describes IPSEC Configuration in Tunnel Mode. However, the recommended mode is Interface Mode, where each IPSEC Phase1 is created as a Sub-Interface.
Leaving "Interface Mode" apart, let's talk about your Tunnel Mode. The Tunnel Mode will not work until a corresponding Firewall Policy is created.
Please create a Firewall Policy to bring the Tunnel Up.