Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nacho-Bidadiea
New Contributor

Created on ‎06-10-2022 08:39 AM

Cant stablish forticlient VPN remote-access

FortiGate 300E in version 6.2.3 build1066

 

I'm trying to create an IPsec Tunnel to connect remote to Intranet Servers but don't connect.

 

I'm doing an IPsec tunnel step by step

 

11

 

Start with authentication ( I save the prepared key ) and the group "Bidaidea" has a user called "nacho" with a password that I know

 

22

 

Local interface Datos ( 10.10.200.1/24 ) - and I get the client Address Range 10.10.199.50 - 100 ( I tried with 10.10.200.0/24 subnet range )

 

33

 

And the VPN and policy are created

 

44

 

The policy

 

Policy created by VPN WIZARDPolicy created by VPN WIZARD

 

So if I try an IPSEC connection to de gateway on the same INCOMING interface I configured ( wan1 )

 

Config on VpnClinet later than the screenshot i changed the gatewayConfig on VpnClinet later than the screenshot i changed the gateway

 

Error trying to connect by VPNError trying to connect by VPN

 

VPN connection failed. Please check your settings, network connection and shared key and try the connection again. If the problem persists contact your network administrator for help.

If I ping the gateway with my PC I get a response, so the gateway is OK.

 

I tried too with SSL VPN and cant connect.

Otherwise is if I put my credentials wrong, the error message change so Forti come to authenticate me

 

 

Labels:
1350
0 Kudos
3 REPLIES 3
vponmuniraj
Staff
Staff

Created on ‎06-10-2022 10:53 PM

Hi Nacho, 

 

Please enable debug on the FGT and share the outputs 

 

diag deb reset

diag vpn ike log-filt clear

diag vpn ike log-filt dst-addr4 x.x.x.x   <--- Check the public IP on the device and use it here 

diag deb appl ike -1

diag deb en

 

 

Regards,

Vignesh
1325
0 Kudos
Nacho-Bidadiea
New Contributor
In response to vponmuniraj

Created on ‎06-13-2022 09:54 AM Edited on ‎06-13-2022 09:55 AM

Hi,

 

Dont show anything 

 

imagen_2022-06-13_115204365.png

 

I put the commands and tried establish a forticlient connection but nothing show up on the screen

 

Regards,

1313
0 Kudos
ssudhakar
Staff
Staff

Created on ‎06-13-2022 10:46 AM Edited on ‎06-13-2022 10:48 AM

Hi Nacho,

 

I have attached a KB and a cookbook (v6.2.3) here that shows step by step procedure on how to setup ipsec vpn remote-access (Dial Up) .  Let me know if this is helpful

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-dial-up-full-tunnel-with-FortiClient...

 

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/785501/forticlient-as-dialup-client

 

Thank you,

Hope.

1310
0 Kudos
Related Posts
View all
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.