Hot!Forticlient - SSL VPN Error (-14)

Author
miguel.almeida
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/10/24 14:05:07
  • Status: offline
2019/10/24 14:22:01 (permalink)
0

Forticlient - SSL VPN Error (-14)

Hello,
 
I have a corporate LAN/Wifi network and I have some users who need to connect to another site in company via SSL VPN (I can't do direct VPN with the other site). Within my corporate network they cannot make the connection, always gives the error: "Unable to establish VPN connection. The VPN server may be unreachable. (-14)". Stops at 80%.
Attempting to connect via an external network works without problems. Something is blocking the connection on my network but I still haven't figured it out, any idea how I can test the various hypotheses?
 

 
Fortigate 101E:
FortiOS v6.0.6 build0272
 
Forticlient: 6.2.2.0877
 
 Thank you
#1

6 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 2241
    • Scores: 215
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2019/10/24 21:14:15 (permalink)
    0
    Explain more clearly about relation between your "corporate network" and "another site", then which side has the FG101E ("another site"? If not how to get to "another site" from the 101E?). And what is the auth method for SSL VPN users?
    #2
    miguel.almeida
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/10/24 14:05:07
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2019/10/25 00:44:52 (permalink)
    0
    Hello Toshi,
     
    My site have the Fortigate 101E and another site have Fortigate 90D (I think). I am using my corporate network to connect through forticlient. Authentication/authorization for SSL VPN (port 443) is by LDAP server.
    When I connect the forticlient he asks to authorize the certificate but then gives the error to 80%.
    My question is, my fortigate blocking any traffic or port?
    I am not using any particular block.
     
    To have Internet in my fortigate (wan connection), I have a "home" ISP router with dynamic DNS.
    #3
    Toshi Esumi
    Expert Member
    • Total Posts : 2241
    • Scores: 215
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2019/10/25 09:53:21 (permalink)
    0
    But those SSL VPN attemps goes through your 101E to get to the 90D to be terminated at. Is the LDAP server you're talking about located at the "another site"? Your local 101E can't do much to contribute to the problem because SSL VPN traffic is just outgoing TCP 443 (unless you or somebody changed it on the 90D) like any internet browsing.
    The problem must be on the 90D side. First, check "config vpn ssl settings" to see if multiple profiles are configured. Then you probably need to run "diag debug app sslvpn -1" on the 90D then compare between accessing from the internet and accessing from your office.
     
     
    #4
    scerazy
    Gold Member
    • Total Posts : 190
    • Scores: 2
    • Reward points: 0
    • Joined: 2009/12/22 14:09:01
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2020/03/25 02:44:32 (permalink)
    0
    That artickle is rubbish for this error
    -14 means most likely that user is in a group that does not have Tunnel access consigured for SSL Portal
    #5
    boneyard
    Gold Member
    • Total Posts : 229
    • Scores: 10
    • Reward points: 0
    • Joined: 2014/07/30 11:15:18
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2020/04/25 00:26:29 (permalink)
    0
    the article isnt that bad on itself, but the title is confusing as error -14 pops up for so many things. the one you mentioned but also several others. best would be if the developers dont add the text, but just use -14 generic error, because that is what it is.
     
    for that article you could reach out to he documentation team and ask them to add some lines.
    #6
    hisham211@gmail.com
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/05/13 06:49:47
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2020/05/13 06:57:55 (permalink)
    0
    I had the same exact issue. Internal client can connect to remote Fortigate from an un-secured WiFi but could not connect from behind my Fortigate 60F. My scenario is as follows:
     
    my fortigate - 60F running fortiOS 6.2.3
    my internal client - Windows 10 running forticlient 6.2.6.0951
     
    end point fortigate - 300E running fortiOS 6.2.3
     
    temporary solution was to disable SSL inspection on my end. now i'm going to work on a permanent solution with the remote network admin.
    #7
    Jump to:
    © 2020 APG vNext Commercial Version 5.5