ISSUE-VPN-L2TP/IPSEC-FORTINET

Felipe.Herrera
Member
Posts: 19
Joined: 16 Aug 2010 20:48

Post by Felipe.Herrera »

I can help with the following case about setting up VPN-L2TP/IPSEC with a mobile running Android 2.X.
I should mention that I performed all the steps listed in the guides along with other documents, but could not get it to connect and successfully establish the VPN between the mobile (Android version 2.3.3) and the Fortinet 60 (version 4.0 MR2).
According to the analysis and review of the logs, phases 1 and 2 are set up successfully, but then the mobile device shows a disconnect message.
The logs of the establishment phase are:


1 2012-11-22 03:46:49 information ppp 31009 disconnect Client 190.239.76.17 control connection (id 79) finished
2 2012-11-22 03:46:20 information admin 32003 ssh(186.162.14.205) logout Administrator admin timed out on ssh(186.162.14.205)
3 2012-11-22 03:46:10 notice ipsec 37122 negotiate negotiate IPsec phase 2
4 2012-11-22 03:46:10 notice ipsec 37129 negotiate progress IPsec phase 2
5 2012-11-22 03:46:10 notice ipsec 37138 tunnel-up IPsec connection status change
6 2012-11-22 03:46:10 notice ipsec 37139 phase2-up IPsec phase 2 status change
7 2012-11-22 03:46:10 notice ipsec 37133 install_sa install IPsec SA
8 2012-11-22 03:46:10 notice ipsec 37129 negotiate progress IPsec phase 2
9 2012-11-22 03:46:08 notice ipsec 37127 negotiate progress IPsec phase 1
10 2012-11-22 03:46:08 notice ipsec 37127 negotiate progress IPsec phase 1
11 2012-11-22 03:46:07 notice ipsec 37127 negotiate progress IPsec phase 1
12 2012-11-22 03:46:06 notice ipsec 37127 negotiate progress IPsec phase 1


The disconnection is shown here:

Date 2012-11-22
Time 00:47:30
Level Information
Sub Type Ppp
ID 31009
Action Disconnect
Status Success
Message Client 190.239.76.17 control connection (id 671) finished


The monitor under the VPN option of the firewall:


L2TPDial_1 Dialup 190.239.76.17 45336 3512 200.110.13.22-200.110.13.22 190.239.76.17-190.239.76.17 Bring Down


The settings in the Fortinet:

config user local
edit AndroiXXX
set type password
set passwd XXXXX
set status enable
end

config user group
edit L2TP
set group-type firewall
set member AndroiXXX
end

config vpn l2tp
set sip 192.168.173.2
set eip 192.168.173.20
set status enable
set usrgrp "L2TP"
end

config firewall address
edit "L2TP Clients"
set type iprange
set start-ip 192.168.173.2
set end-ip 192.168.173.20
end

config vpn ipsec phase1
edit "L2TPDial"
set type dynamic
set interface wan1
set mode main
set psksecret ********
set proposal aes256-md5 3des-sha1 aes192-sha1
set dhgrp 2
set nattraversal enable
set dpd enable
end

config vpn ipsec phase2
edit "L2TPDial2"
set phase1name "L2TPDial"
set proposal aes256-md5 3des-sha1 aes192-sha1
set replay enable
set pfs disable
set keylifeseconds 3600
set encapsulation transport-mode
end

config firewall policy
edit 0
set srcintf internal
set dstintf wan1
set srcaddr all
set dstaddr all
set action ipsec
set schedule always
set service ANY
set inbound enable
set outbound enable
set vpntunnel "L2TPDial"
end

config firewall policy
edit 0
set srcintf wan1
set dstintf internal
set srcaddr "L2TP Clients"
set dstaddr all
set action accept
set schedule always
set service ANY
end
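An added example, not part of the post or of any Fortinet tool: a small Python parser for event-log rows in the format shown above, plus a check that flags the pattern visible in these logs (an IPsec tunnel-up followed within a short window by a PPP disconnect for the same session). That pattern means IKE phase 1 and 2 succeeded and the failure sits later, in the L2TP/PPP stage (PPP authentication, IP pool assignment or the L2TP user group), so that is where to look next. The sample rows are constructed to mirror the post; the 60-second window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample rows mirroring the post's log view:
# index, date, time, level, subtype, log id, action, message.
SAMPLE_LOG = """\
1 2012-11-22 03:46:49 information ppp 31009 disconnect Client 190.239.76.17 control connection (id 79) finished
5 2012-11-22 03:46:10 notice ipsec 37138 tunnel-up IPsec connection status change
6 2012-11-22 03:46:10 notice ipsec 37139 phase2-up IPsec phase 2 status change
9 2012-11-22 03:46:08 notice ipsec 37127 negotiate progress IPsec phase 1
"""

LINE_RE = re.compile(
    r"^\d+\s+(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<level>\w+)\s+(?P<subtype>\w+)\s+(?P<logid>\d+)\s+(?P<action>\S+)\s+(?P<msg>.*)$"
)


def parse_log(text):
    """Parse FortiGate event-log rows into dicts, sorted oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip headers, blank lines or truncated rows
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["date"] + " " + e["time"], "%Y-%m-%d %H:%M:%S")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def find_l2tp_failures(events, window=timedelta(seconds=60)):
    """For every IPsec tunnel-up followed by a PPP disconnect within `window`,
    return (tunnel_up_ts, disconnect_ts, client_ip): IPsec came up, L2TP/PPP did not."""
    findings = []
    ups = [e for e in events if e["subtype"] == "ipsec" and e["action"] == "tunnel-up"]
    for up in ups:
        for e in events:
            if (e["subtype"] == "ppp" and e["action"] == "disconnect"
                    and up["ts"] < e["ts"] <= up["ts"] + window):
                client = re.search(r"Client (\S+)", e["msg"])
                findings.append((up["ts"], e["ts"], client.group(1) if client else None))
                break  # one disconnect per tunnel-up is enough to flag it
    return findings
```

Running `find_l2tp_failures(parse_log(SAMPLE_LOG))` on the sample rows reports one finding for 190.239.76.17, 39 seconds after the tunnel came up.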