ike 0:CP-FC: unable to build CERTREQ for client02
ike 0:CP-FC: building CERTREQ for peer client02
ike 0:CP-FC: unable to build CERTREQ for client01
ike 0:CP-FC: building CERTREQ for peer client01
Ike 0:CP-FC:484: responder:main mode get 2nd message.

Here are the logs; the yellow lines look suspicious. We are using client certificates with peer groups for authentication reasons. Using main or aggressive mode or enabling IKE fragmentation on the client config makes no difference. Rich really errors, the Fortigate tries to send P1 response but fails.

The problem seems worse with the DHCP profiles, but does occur with the others as well. We have deployed several different VPN profiles - some use mode config and others use DHCP over IPsec.

I have tried a variety of scenarios (rebooting, not-rebooting, trying different networks, disabling IPV6 etc, disabling security services like EMET) and none of these things have any effect on the result." I can immediately connect on the second try. " I’ve had this recurring issue with the FCL VPN, despite all the configuration changes over time, where I cannot connect on the first try.

Our user community's patience in dealing with this inconvenience is fading. If you then disconnect, most often the second and subsequent attempts succeed. Our Fortigate VPN server is currently 5.0.9. Frequently, the first attempt (at least) to establish a VPN connection hangs when connecting. This affects various versions from 5.0.7 through 5.2.1 (at least).