Solved

Cisco VPN client to Fortigate 110c

Posted on 2010-08-30
4
3,611 Views
Last Modified: 2012-05-11
Hi,

We have a Cisco Client etsablishing an IPSEC vpn to a Fortigate 110C. Works like a charm for all users except one, this user is using 3 G mobile broadband as is getting disconnected every five minutes. All othe users a up most of the working day.

David
0
Comment
Question by:dlg654
  • 2
4 Comments
 
LVL 8

Expert Comment

by:sstone55423
ID: 33564077
"Works like a charm for all users except one, this user is using 3 G mobile broadband as is getting disconnected every five minutes"
So, you think that this one user is getting connected to the VPN successfully, at least occasionally?
If so, then the issue is not a VPN encryption issue, but an Internet provider reliability issue, I think.
Here is a link regarding iPhone on AT&T o er 3G, and VPN issues due to network congestion.
http://discussions.info.apple.com/thread.jspa;jsessionid=4F5F15EBFAC570A34228E326273BBBCF.node0?messageID=11289312&#11289312
 
0
 

Author Comment

by:dlg654
ID: 33564137
User is getting connected and then every five to 10 minutes gets disconnected. Dont think the problem is congestion as a few weeks ago when they were connecting to a Cisco box they did not get dropout. Don't think it is the Fortigate as the non wireless connected users are getting less dropouts then when they were connecting to the Cisco.

David
0
 
LVL 4

Expert Comment

by:Whiterat
ID: 33651110
Hi dlg654,

We had a similar issue with a mobile network provider in the UK, it turned out to be a limitation of the particular APN they provided.

They provided an alternative one that was only for VPN users which gave users a public IP and did not go through their DPI process.

Does your 3G operator provide a similar setup?

The only other thing I can think is to enable autokey keep alive on the firewall and set the keylife to sub 10 minutes so the tunnel can rekey before it drops.

Cheers,
0
 

Accepted Solution

by:
dlg654 earned 0 total points
ID: 33658762
Problem turned out to be MTU of the Fortigate firewall. Changing the MTU settings on the firewall from 1400 to 1450 elliminated the problem.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now