dudi
New Contributor

User can't connect ipsec vpn with dhcp address

Dear experts,

 

I'm new to Fortinet. I have a problem with my ipsec vpn connection, which is already configured with a dhcp address that is given to the client (using Forticlient). No client can connect to my ipsec vpn.

I have configured it with these steps:

1. create custom vpn with settings below:

    - network: dialup user with wan port interface and activate nat traversal

    - authentication with my pre shared key

    - ike v1 with aggressive option

    - user group that connects to this vpn

    - phase1 and phase2 I left at default

2. Modify the tunnel interface with ip (in this case: 192.168.202.1/24), dhcp activated, and type ipsec

3. create new ipv4 policy, incoming tunn-int outgoing LAN-int, nat active, allow all source and all dst

 

In Forticlient, I chose dhcp over ipsec, but no one can connect. I checked all my settings and they seem OK.

Would you give me any advice on what is wrong with my settings?

For the short config I followed this tutorial: https://engineeronnetwork.wordpress.com/2018/09/18/fortigate-dial-up-vpn-with-dhcp/

 

Thank you

 

Dudi

 

dudi
New Contributor

Dear Experts,

 

We are still waiting for a solution for this case. Much appreciation for your help.

Thank you

emnoc
Esteemed Contributor III

Qs:

 

Did you enable under the vpn phase2-setting the ipsec-enable?

 

 

   set dhcp-ipsec enable 

 

Did you provide any diagnostic captures, and is the DHCP server seeing any requests?

 

Did you monitor any DHCP activity at the dhcp-server for the relay-agent? And is the scope correct?

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

dudi
New Contributor

Hi Ken,

 

Thanks for your reply. I followed your advice to activate dhcp enable on the phase2 vpn (in this case, my vpn is "VPN2").

It's described below:

---

    Fortigate $ config vpn ipsec phase2-interface
    Fortigate (phase2-interface) $ show
    config vpn ipsec phase2-interface
        edit "Ipsec-vpn"
            set phase1name "Ipsec-vpn"
            set comments "VPN: Ipsec-vpn (Created by VPN wizard)"
        next
        edit "VPN2"
            set phase1name "VPN2"
            set dhcp-ipsec enable
        next
    end

---

But the problem is still ongoing. The client still can't connect to the vpn.

The logs of vpn and dhcp are:

vpn log:

 

 

dhcp log:

 

 

It seems like no user can connect. Would you please give any idea of what to do?

Thank you

 

dudi
New Contributor

Dear Ken,

 

I attach the screenshot of the vpn and dhcp monitor. My previous post couldn't show the result.