[Vpn-help] Fortigate Commercial IPSec Gateway

Matthew Grooms mgrooms at shrew.net
Mon Dec 10 01:48:34 CST 2007


Noach Sumner wrote:
> I am using a Fortigate 200A and very much wanted to get the VPN Client 
> working with my Fortigate unit. I therefore tried setting up the client 
> and had no luck. However Matthew was happy to help me and I now have a 
> working config. I then went and tried playing with as many settings as I 
> could to see what works and what doesn't.
> 
> It seems to me the vast majority of options work (as long as you can set 
> it on BOTH the Fortigate and the Client). Every encryption and 
> authentication option I saw on both worked for example. It seems setting 
> anything to Auto is the wrong way to go as this doesn't seem to work for 
> any settings. Therefore the best advice I can give is wherever 
> possible set the setting and don't select auto.
> 
> I found 2 options that DO NOT WORK!
>
> I have NAT Traversal set on the Fortigate but if I enable it on the 
> client I cannot get it to connect at all.
> In addition using MAIN ID (phase1) does not appear to work at all.
> 
> I will of course be glad to be corrected but this is how it appears to me.
> 

Excellent follow-up! Thanks :) Just a few comments to add. There isn't 
much to be done about the main mode ID issue as this combination clearly 
violates the IKE RFC. Also, I found a NAT-T related bug in the alpha 2 
release that has been corrected in head. I will roll another release 
later this week that will hopefully solve this problem for you. Testing 
the NAT-T feature with my Fortigate 50a works well so the odds are good.

Thanks again,

-Matthew


