
How to fix an IPsec dial-up VPN that does not work with the same DH groups

This article describes the behavior and how to fix an IPsec dial-up VPN connection issue with FortiClient (free and paid versions).

Scope

FortiGate v7, v7.2, v7.4, FortiClient 7.2.9 and 7.4.

Solution

Step 1: After configuring the IPsec dial-up VPN successfully and setting the same DH groups on FortiClient, the negotiation fails:

Configure VPN IPSEC Dial-up.

Setting the same DH Groups on FortiClient.


Negotiation fails.

Step 2: To mitigate this issue, specify only one DH group in the IPsec VPN configuration on FortiGate (it does not matter whether DH group 14 or 5 is used; any should work).

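A check for the condition described in Step 2, as an added example that is not part of the original article or of Fortinet tooling: it scans a FortiGate configuration backup for dial-up (`set type dynamic`) phase 1 entries whose `dhgrp` lists more than one group. The sample configuration and tunnel names are constructed, and treating the phase 1 `dhgrp` setting as the one the article means is an assumption.

```python
# Constructed sample in FortiGate config-backup syntax; tunnel names are made up.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "dialup-multi"
        set type dynamic
        set interface "wan1"
        set dhgrp 14 5
    next
    edit "dialup-single"
        set type dynamic
        set interface "wan1"
        set dhgrp 14
    next
    edit "site-to-site"
        set interface "wan1"
        set dhgrp 14 5
    next
end
"""

SECTION = "config vpn ipsec phase1-interface"  # assumption: DH groups set in phase 1

def find_multi_dh_dialup(config_text):
    """Return [(tunnel, [dh groups])] for dial-up entries listing >1 DH group."""
    findings, in_section, depth = [], False, 0
    name, is_dialup, groups = None, False, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == SECTION
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a tunnel entry
        elif line == "end":
            in_section, depth = depth > 0, max(depth - 1, 0)
        elif depth > 0:
            continue  # ignore settings that belong to a nested sub-table
        elif line.startswith("edit "):
            name, is_dialup, groups = line[5:].strip('"'), False, []
        elif line == "set type dynamic":
            is_dialup = True  # dial-up (dynamic peer) tunnel
        elif line.startswith("set dhgrp "):
            groups = line.split()[2:]
        elif line == "next" and is_dialup and len(groups) > 1:
            findings.append((name, groups))
    return findings

if __name__ == "__main__":
    for tunnel, dh in find_multi_dh_dialup(SAMPLE_CONFIG):
        print(f"{tunnel}: dhgrp {' '.join(dh)} -> configure a single DH group")
```

`show` output omits settings left at their default, so run the check against `show full-configuration` output to cover tunnels with no explicit `set dhgrp` line.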