IPSEC vpn with certificate auth on forticlient

Author
smashytech
2019/03/05 05:48:19 (permalink)

Hi,
 
We're trying to set up cert-based authentication via forticlient in our environment. We're running 5.6.6 and we have a working ipsec with local user /pw setup. However, we now want to move to cert-based authentication.
We're not really getting past phase 1, and we have a really hard time debugging this to see what the issue is.
 
I've looked at these guides and examples:
https://docs.fortinet.com/document/forticlient/6.0.5/xml-reference-guide/673310/ipsec-vpn
and
https://cookbook.fortinet.com/ipsec-vpn-with-forticlient-56/
 
To clear out the obvious:

And this is the same on the forticlient settings.
 
 
 
post edited by smashytech - 2019/03/05 05:59:34

#1

    sonarden
    Re: IPSEC vpn with certificate auth on forticlient 2020/03/22 11:53:52 (permalink)
    Are you using FortiClient EMS or a standalone client?
    #2
    sonarden
    Re: IPSEC vpn with certificate auth on forticlient 2020/03/22 12:02:56 (permalink)
    The reason I ask is because the tunnel will not even try to connect if you have two Diffie-Hellman groups in the FortiClient configuration, since the tunnel will not even build if the FortiClient profile is propagated from EMS. The client acts as if it is trying to connect, but it is not.
    I have dozens of certificate authenticating clients right now that are working with both xauth and MFA right now.
    I hope this helps.
    #3