Fortinet Forum
sionathan
New Contributor

IPSEC VPN for remote users - no matching gateway for new request

I'm new to FortiGate firewalls, but a client just got a 60C (MR3 Patch 12) they want to use with the FortiClient for remote IPSEC VPN connections. I found a how-to guide for this in the FortiOS Cookbook (http://docs.fortinet.com/cb/html/index.html#page/FOS_Cookbook/IPSec/cb_ipsecvpn_forticlient.html), but when I try to have a client connect it fails, and the console log shows the following:

Virtual Domain: root
Message: IPsec phase 1 error
Action: negotiate
IPSec Remote IP: []
IPSec Local IP: []
Remote Port: 6893
Outgoing Interface: wan1
Local Port: 500
Cookies: 34f19195f36324fa/0000000000000000
User: N/A
Group: N/A
XAUTH User: N/A
XAUTH Group: N/A
Status: negotiate_error
VPN Tunnel: N/A
Error Reason: no matching gateway for new request
Peer Notification: N/A

Any ideas what I missed? I tried 2x following the cookbook so far, but same results each time. Thanks for your thoughts!
Dipen
New Contributor III

The FortiOS Cookbook describes IPSEC Configuration in Tunnel Mode. However, the recommended mode is Interface Mode, where each IPSEC Phase1 is created as a Sub-Interface. Leaving "Interface Mode" apart, let's talk about your Tunnel Mode. The Tunnel Mode will not work until a corresponding Firewall Policy is created. Please create a Firewall Policy to bring the Tunnel Up.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D
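
An added example, not part of the original thread or of Fortinet's documentation: a tunnel-mode (policy-based) IPsec firewall policy of the kind the reply describes, in FortiOS 4.0 MR3 CLI syntax. The Phase 1 name forticlient_p1, the address object internal_net and the internal interface are assumed placeholder names; wan1 is the outgoing interface from the log in the question.

```fortios
# Assumed names (not from the thread): forticlient_p1, internal_net, internal
# wan1 is the interface the IKE request arrived on, per the posted log
config firewall policy
    edit 0
        # Traffic from the protected network towards the dial-up clients
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "internal_net"
        set dstaddr "all"
        # action ipsec is what makes this a tunnel-mode VPN policy
        set action ipsec
        set schedule "always"
        set service "ANY"
        # Allow sessions to be initiated from either side of the tunnel
        set inbound enable
        set outbound enable
        # Must match the name of the Phase 1 defined on wan1
        set vpntunnel "forticlient_p1"
    next
end
```

Restricting srcaddr to the subnets remote users actually need, rather than the whole internal network, limits what a connected client can reach.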