Setup both Windows Native vpn(l2tp/ipsec) and iOS Native vpn(ipsec vpn) on one fortigate

Author
secret104278
2019/10/17 00:09:13 (permalink) 6.2

I want to set up remote access VPN on my FortiGate (v6.2) for both Windows and iOS/macOS native clients.
I tried the templated Windows Native and iOS Native; both work well individually.
However, when I enable both of these, only iOS Native works, and when I try to connect from Windows, I see some messages about the iOS Native interface in the VPN Events log. It seems like the FortiGate tries to handle the Windows VPN request with the iOS Native VPN.
 
Here is the actual config:
FGT81EXXXXXXXXX # show vpn ipsec phase1-interface
config vpn ipsec phase1-interface
    edit "l2tpIPsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set dpd on-idle
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set dhgrp 2
        set wizard-type dialup-windows
        set psksecret ENC r6a0aJ6ppiZcRsVyfZeYTfdJ4ZHw+GKaQEAmO9aEMwVYOYN5lHPqe82yzKCdQ/svXa8l/20THR9tFfrv5cFM9Rh0YJCbSCOWq8irpwx+i4BGtIpITPV9KjbUYon/I3QSNY6hZYbipreBa5oCl4zpzvxLqG9QdAsQ279DSCmrKiGKO51bDRN6vqCfBoBXta4Fhx4Ehg==
        set dpd-retryinterval 60
    next
    edit "ipsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set dpd on-idle
        set comments "VPN: ipsec (Created by VPN wizard)"
        set dhgrp 14 5 2
        set wizard-type dialup-ios
        set xauthtype auto
        set authusrgrp "VPN_Group"
        set ipv4-start-ip 10.2.6.1
        set ipv4-end-ip 10.2.6.254
        set ipv4-netmask 255.255.240.0
        set dns-mode auto
        set psksecret ENC LS9k7wvjeIi0WRlv4KnQOWspzF6ycJmIUHv3D2C8d+pahHjLQ4I8mhD4bpY3VoPGLimgisSWfYfzPmgu97AmzT3AEOnaF9vqwV3j6M+MXeWtv4XhnbKSXgFwOCThnMl8cM8x9yglNXMRaOKJ/ecEaXwGuISbACeu7F45NM1TzOFFn9QAQ5FNhzOKKeh/Gd+1er/LOA==
        set dpd-retryinterval 60
    next
end
FGT81EXXXXXXXXX # show vpn ipsec phase2-interface
config vpn ipsec phase2-interface
    edit "l2tpIPsec"
        set phase1name "l2tpIPsec"
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set pfs disable
        set encapsulation transport-mode
        set l2tp enable
        set comments "VPN: l2tpIPsec (Created by VPN wizard)"
        set keylifeseconds 3600
    next
    edit "ipsec"
        set phase1name "ipsec"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: ipsec (Created by VPN wizard)"
    next
end

#1


    suporte@sjosepneus.com
    Re: Setup both Windows Native vpn(l2tp/ipsec) and iOS Native vpn(ipsec vpn) on one fortiga 2020/03/02 11:09:50 (permalink)
    Any luck getting this to work?
     
    I'm trying to configure 2 Windows native VPNs (L2TP/IPsec), because I need different permissions on the VPNs. If I have only one configured, it works; if I configure a second one, both will not work.
    #2
    suporte@sjosepneus.com
    Re: Setup both Windows Native vpn(l2tp/ipsec) and iOS Native vpn(ipsec vpn) on one fortiga 2020/03/02 13:43:30 (permalink)
    This can't be done. I found the explanation in this article:
     
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD45747
    #3
    sw2090
    Re: Setup both Windows Native vpn(l2tp/ipsec) and iOS Native vpn(ipsec vpn) on one fortiga 2020/03/03 00:32:07 (permalink)
    Probably you would have to tie each VPN to a remote peer ID. I ran into such issues with more than one dial-in tunnel on FGTs too. I had to separate them either by peer ID or unique proposals.
    #4
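The reply above suggests separating dial-up tunnels by peer ID or by unique proposals. As an added example (not from the thread or from Fortinet), this Python script parses `show vpn ipsec phase1-interface` output and lists pairs of dial-up phase1 entries on the same interface that both accept any peer and share a proposal and a DH group. The overlap test is a heuristic based on that reply, not FortiOS's own matching logic, and the function names are hypothetical.

```python
import shlex
from itertools import combinations

# Abridged from the phase1-interface config posted in this thread (psksecret lines omitted).
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "l2tpIPsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set proposal aes256-md5 3des-sha1 aes192-sha1
        set dhgrp 2
    next
    edit "ipsec"
        set type dynamic
        set interface "wan1"
        set peertype any
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set dhgrp 14 5 2
    next
end
'''

def parse_phase1(text):
    """Return {tunnel name: {setting: [values]}} from edit/set/next blocks."""
    tunnels, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles the quoted names and values
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = tunnels.setdefault(tokens[1], {})
        elif tokens[:1] == ["next"]:
            current = None
        elif len(tokens) >= 3 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = tokens[2:]
    return tunnels

def ambiguous_dialup_pairs(tunnels):
    """Yield (name_a, name_b, shared proposals, shared DH groups) per overlapping pair."""
    dialup = {n: c for n, c in tunnels.items() if c.get("type") == ["dynamic"]}
    for (a, ca), (b, cb) in combinations(sorted(dialup.items()), 2):
        same_if = ca.get("interface") == cb.get("interface")
        any_peer = all(c.get("peertype") == ["any"] for c in (ca, cb))
        props = sorted(set(ca.get("proposal", [])) & set(cb.get("proposal", [])))
        groups = sorted(set(ca.get("dhgrp", [])) & set(cb.get("dhgrp", [])))
        if same_if and any_peer and props and groups:
            yield (a, b, props, groups)

if __name__ == "__main__":
    print(list(ambiguous_dialup_pairs(parse_phase1(SAMPLE))))
```

For the config in the first post, the two wizard-created tunnels overlap on `aes256-md5` with DH group 2, which is the kind of overlap the reply says had to be removed.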
    gigakun
    Re: Setup both Windows Native vpn(l2tp/ipsec) and iOS Native vpn(ipsec vpn) on one fortiga 2020/03/26 06:06:42 (permalink)
    suporte@sjosepneus.com
    This can't be done. I found the explanation in this article:
     
    https://kb.fortinet.com/kb/documentLink.do?externalID=FD45747



    Hate to bump this thread, but I am also experiencing this problem. Did you find a solution? As per the article, I am attempting to set up the IPsec VPN via the GUI and trying to connect from Windows using this guide:
    https://docs.fortinet.com/document/fortigate/6.0.0/handbook/299180/configuration-overview
     
    But I'm not having any luck. Can anyone guide me?
    #5