Hot!Forticlient - SSL VPN Error (-14)

Author
miguel.almeida
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/10/24 14:05:07
  • Status: offline
2019/10/24 14:22:01 (permalink)
0

Forticlient - SSL VPN Error (-14)

Hello,
 
I have a corporate LAN/Wifi network and I have some users who need to connect to another site in company via SSL VPN (I can't do direct VPN with the other site). Within my corporate network they cannot make the connection, always gives the error: "Unable to establish VPN connection. The VPN server may be unreachable. (-14)". Stops at 80%.
Attempting to connect via an external network works without problems. Something is blocking the connection on my network but I still haven't figured it out, any idea how I can test the various hypotheses?
 

 
Fortigate 101E:
FortiOS v6.0.6 build0272
 
Forticlient: 6.2.2.0877
 
 Thank you
#1

4 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 2031
    • Scores: 186
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2019/10/24 21:14:15 (permalink)
    0
    Explain more clearly about relation between your "corporate network" and "another site", then which side has the FG101E ("another site"? If not how to get to "another site" from the 101E?). And what is the auth method for SSL VPN users?
    #2
    miguel.almeida
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/10/24 14:05:07
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2019/10/25 00:44:52 (permalink)
    0
    Hello Toshi,
     
    My site have the Fortigate 101E and another site have Fortigate 90D (I think). I am using my corporate network to connect through forticlient. Authentication/authorization for SSL VPN (port 443) is by LDAP server.
    When I connect the forticlient he asks to authorize the certificate but then gives the error to 80%.
    My question is, my fortigate blocking any traffic or port?
    I am not using any particular block.
     
    To have Internet in my fortigate (wan connection), I have a "home" ISP router with dynamic DNS.
    #3
    Toshi Esumi
    Expert Member
    • Total Posts : 2031
    • Scores: 186
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2019/10/25 09:53:21 (permalink)
    0
    But those SSL VPN attemps goes through your 101E to get to the 90D to be terminated at. Is the LDAP server you're talking about located at the "another site"? Your local 101E can't do much to contribute to the problem because SSL VPN traffic is just outgoing TCP 443 (unless you or somebody changed it on the 90D) like any internet browsing.
    The problem must be on the 90D side. First, check "config vpn ssl settings" to see if multiple profiles are configured. Then you probably need to run "diag debug app sslvpn -1" on the 90D then compare between accessing from the internet and accessing from your office.
     
     
    #4
    scerazy
    Gold Member
    • Total Posts : 184
    • Scores: 2
    • Reward points: 0
    • Joined: 2009/12/22 14:09:01
    • Status: offline
    Re: Forticlient - SSL VPN Error (-14) 2020/03/25 02:44:32 (permalink)
    0
    That artickle is rubbish for this error
    -14 means most likely that user is in a group that does not have Tunnel access consigured for SSL Portal
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5