ISR4331 - VPN features

A customer is replacing a Cisco 1941 router with a Cisco 4331. Sounded good on paper until I tried to get the client VPN configured. From what I can tell:

  • PPTP is not supported (L2TP is but requires a router to act as a remote client)
  • AnyConnect is not supported (no webvpn support)
  • ISAKMP/IPSEC is... but Cisco continued to provide the VPN client to connect to this

Am I missing something, or can this router simply not provide the customer VPN?

Hi Jon,

Yes you are right.

The ISR4331 does not support AnyConnect. For L2TP, you need a remote device.

And the IPSEC VPN client is already EOL/EOS by Cisco.

Here is the list of the VPNs supported on the device:

FlexVPN, Easy VPN remote server, Enhanced Easy VPN, Dynamic Multipoint VPN (DMVPN),
Group Encrypted Transport VPN (GET VPN), V3PN, MPLS VPN

Refer to this link:

http://www.Cisco.com/c/en/us/products/routers/4000-series-integrated-SER...

Kind regards

Aditya

Please evaluate the useful messages and mark the correct answers.

Tags: Cisco Security

Similar Questions

  • Log entries with wrong IP addresses in the VPN session

    I noticed a very strange problem on an ASA5520 running version 9.1(1). Whenever a VPN user disconnects (or expires or gets forcibly disconnected), a log entry refers to an IP address that is not the user's IP address. Here is one example, where the IP address 196.95.116.118 is logged:

    -SNIP-

    March 28, 2014 13:37:45: %ASA-4-113019: Group = , Username = , IP = 196.95.116.118, Session disconnected. Session Type: IKEv1, Duration: 0: 00: 05:00, Bytes xmt: 59216, Bytes rcv: 123329, Reason: User Requested

    -SNIP-

    So far, I have captured about 7 of these IP addresses and they all follow the pattern x.x.116.118. This is the list:

    24.80.116.118
    60.57.116.118
    84.104.116.118
    164.78.116.118
    180.18.116.118
    196.95.116.118
    202.89.116.118

    None of them are related to any of my clients or the company itself. In addition, they do not belong to my ISP. Overall, the VPN and ASA functions are not affected. Does anyone have any knowledge or idea of where these addresses come from and why they have this strange pattern?

    Hello

    This is related to a bug: https://tools.cisco.com/bugsearch/bug/CSCub72545/?reffering_site=dumpcr

    It will be useful.

    Kind regards

    Shetty

  • VPN design tips

    I usually deal with issues of LAN/WAN, but have very little experience with the design of the VPN. I would like to know if I have the right idea or if there is a better solution to target.

    Scenario:

    There is an HQ with two remote offices. The remote offices have 10 to 20 people each, with little or no planned growth, and different firewall solutions. HQ has 40-50 people, anticipates exceptional growth and has a PIX 515E. The manager would like site-to-site VPN to the remote offices and remote access VPN for travelers. His biggest concern is the speed through the site-to-site tunnels.

    My solution:

    Place a hub routers of the 800 series with sets of features VPN and firewalls and VPN 3005 behind the PIX to HQ in remote controls.

    Does this seem sufficient? Other recommendations?

    No I don't think so. This should be good only for the 515.

  • IOS Site to Site VPN - unable to route after VPN + NAT

    Hello

    I have problems with a VPN on two 8xx access routers: I am trying to set up a quick and dirty site-to-site VPN with source NAT at the VPN tunnel endpoint. This configuration is only intended to run for one day. I managed to get the VPN working and I traced the NAT translations at the VPN tunnel endpoint, but I couldn't get these translated packets, which must leave the access router, to move on, because the network the VPN traffic is intended for is not directly connected to the router. However, I can ping the hosts directly connected to the access router through the VPN.

    Something makes the routing not work; I don't think it is the NATing, because I tried removing the NAT and I still couldn't trace the outgoing packets that should be sent, so I suspect this feature is not included in the IOS of the Cisco 8xx router range.

    Am I stretching the VPN + NAT + routing features too far, or is there a configuration error in my setup?

    This is the configuration on the Cisco 8xx router (I provide only this VPN endpoint, as the other VPN endpoint works)

    VPN endpoints: 10.20.1.2 and 10.10.1.2

    routing to 192.168.2.0 is necessary to 192.168.1.2 to 192.168.1.254

    From 172.31.0.x to 192.168.1.x

    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname INSIDEVPN
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 xxxxxxxxxxxxxxx
    !
    no aaa new-model
    !
    !
    dot11 syslog
    no ip cef
    !
    !
    ip domain name xxxx.xxxx
    !
    multilink bundle-name authenticated
    !
    !
    username root password 7 xxxxxxxxxxxxxx
    !
    !
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
    crypto isakmp key xxxxxxxxxxxxx address 10.20.1.2
    !
    !
    crypto ipsec transform-set VPN-TRANSFORMATIONS esp-3des esp-sha-hmac
    !
    crypto map CRYPTOMAP 10 ipsec-isakmp
     set peer 10.20.1.2
     set transform-set VPN-TRANSFORMATIONS
     match address 100
    !
    archive
     log config
      hidekeys
    !
    !
    controller DSL 0
     line-term cpe
    !
    !
    interface BRI0
     no ip address
     encapsulation hdlc
     shutdown
    !
    interface FastEthernet0
     switchport access vlan 12
     no cdp enable
     crypto map CRYPTOMAP
    !
    interface FastEthernet1
     switchport access vlan 2
     no cdp enable
    !
    interface FastEthernet2
     switchport access vlan 2
     no cdp enable
    !
    interface FastEthernet3
     switchport access vlan 2
     no cdp enable
    !
    interface Vlan1
     no ip address
    !
    interface Vlan2
     ip address 192.168.1.1 255.255.255.248
     ip nat outside
     ip virtual-reassembly
    !
    interface Vlan12
     ip address 10.10.1.2 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     crypto map CRYPTOMAP
    !
    ip forward-protocol nd
    ip route 192.168.2.0 255.255.255.0 192.168.1.254
    ip route 10.20.0.0 255.255.0.0 10.10.1.254
    ip route 172.31.0.0 255.255.0.0 Vlan12
    !
    !
    no ip http server
    no ip http secure-server
    ip nat inside source static 172.31.0.2 192.168.1.11
    ip nat inside source static 172.31.0.3 192.168.1.12
    !
    access-list 100 permit ip 192.168.1.0 0.0.0.255 172.31.0.0 0.0.255.255
    access-list 100 permit ip 192.168.2.0 0.0.0.255 172.31.0.0 0.0.255.255
    !
    !
    control-plane
    !
    !
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     password 7 xxxxxxxxx
     login
    !
    scheduler max-task-time 5000
    end

    Hi Jürgen,

    First of all, when I went through your config, I saw these lines:

    !
    interface Vlan2
     ip address 192.168.1.1 255.255.255.248
    !
    !
    ip route 192.168.2.0 255.255.255.0 192.168.1.254
    !

    With the 255.255.255.248 mask, 192.168.1.1 and 192.168.1.254 fall into different subnets. So I don't think you can reach the 192.168.2.0/24 subnet from the local router at this point. I think you should fix that first.

    Maybe have 192.168.1.2 255.255.255.248 on the connected router (instead of 192.168.1.254).

    Once this has been done, we will have to look at routing.

    You are natting 172.31.0.2 -> 192.168.1.11

    Now, in order for that to work, make sure that the NATed source address (192.168.1.11) is outside the router-to-router connected subnet (if you go with the 192.168.1.0/29 subnet router to router, with 192.168.1.1/29 on the local router and 192.168.1.2/29 on the connected router as suggested, it will be fine). So in this case 192.168.1.8/29 is the subnet that your NATed sources fall into.

    Have a static route on the connected router (192.168.1.2) for the network 192.168.1.8/29 pointing to 192.168.1.1:

    !
    ip route 192.168.1.8 255.255.255.248 192.168.1.1
    !

    So return packets will be correctly routed toward our local router.

    If you have an interface on the connected router which includes the NATed source address range, let's say 192.168.1.254/24, then even if your packets somehow reach 192.168.2.0/24, the return packets never go to the local router (192.168.1.1) because the connected router sees it as a connected subnet, so they will only expire.

    I hope I understood your scenario. Please make the changes and let me know how you went with it.

    Also, please don't forget to rate this post if useful.

    Shamal
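
The check made by hand in the reply above, generalized to every static route and static NAT entry, as an added example that is not part of the thread. It reads a trimmed, constructed copy of the posted config (NAT lines in standard IOS syntax), flags static routes whose next hop is on no connected subnet, and derives the return route the neighbouring router needs; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: only the statements from the posted config that matter here.
SAMPLE_CONFIG = """\
interface Vlan2
 ip address 192.168.1.1 255.255.255.248
 ip nat outside
!
interface Vlan12
 ip address 10.10.1.2 255.255.255.0
 ip nat inside
!
ip route 192.168.2.0 255.255.255.0 192.168.1.254
ip route 10.20.0.0 255.255.0.0 10.10.1.254
ip route 172.31.0.0 255.255.0.0 Vlan12
ip nat inside source static 172.31.0.2 192.168.1.11
ip nat inside source static 172.31.0.3 192.168.1.12
"""


def parse_interfaces(config):
    """Return {name: {"addr": IPv4Interface or None, "nat": "inside"/"outside"/None}}."""
    ifaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ifaces.setdefault(m.group(1), {"addr": None, "nat": None})
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the interface block
            continue
        if current is None:
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)", line)
        if m:
            current["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        m = re.match(r"\s+ip nat (inside|outside)\s*$", line)
        if m:
            current["nat"] = m.group(1)
    return ifaces


def unreachable_next_hops(config):
    """Static routes whose next-hop IP lies on no connected subnet.

    Assumption: recursive next hops (resolved through another route) are not
    considered; routes that point at an interface name are skipped.
    """
    connected = [i["addr"].network
                 for i in parse_interfaces(config).values() if i["addr"]]
    bad = []
    pattern = r"^ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)[ \t]*$"
    for m in re.finditer(pattern, config, re.M):
        hop = ipaddress.ip_address(m.group(3))
        if not any(hop in net for net in connected):
            bad.append((f"{m.group(1)} {m.group(2)}", str(hop)))
    return bad


def neighbor_return_route(config):
    """The 'ip route' line the router on the NAT-outside link needs so that
    replies to the translated addresses come back to this router."""
    outside = [i["addr"] for i in parse_interfaces(config).values()
               if i["nat"] == "outside" and i["addr"]]
    translated = [ipaddress.ip_address(m.group(1)) for m in re.finditer(
        r"^ip nat inside source static \S+ (\S+)[ \t]*$", config, re.M)]
    if not outside or not translated:
        return None
    link = outside[0]
    # Smallest single prefix that covers every translated address.
    cover = ipaddress.ip_network(f"{translated[0]}/32")
    while not all(addr in cover for addr in translated):
        cover = cover.supernet()
    if cover.overlaps(link.network):
        # Translated addresses sit inside the link subnet: the neighbour treats
        # them as directly connected, so no separate route can be expressed.
        return None
    return f"ip route {cover.network_address} {cover.netmask} {link.ip}"


if __name__ == "__main__":
    for prefix, hop in unreachable_next_hops(SAMPLE_CONFIG):
        print(f"next hop {hop} for {prefix} is not on a connected subnet")
    print("neighbour needs:", neighbor_return_route(SAMPLE_CONFIG))
```
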

  • What smart to use with lenovo phone watch?

    Dear Lenovo (and community).

    Recently, I bought the Lenovo Vibe K5 Note (a7020a48) and I was wondering: is there a Lenovo smartwatch already on sale? Or an entry?

    Or what brand of watch is advised for use together with 'my' (read: our) phone(s)?

    I'm more interested in a health/sport type. I mean I'd love to see the heartbeat, a step counter and maybe GPS for monitoring my physical condition (or cycling). And of course I wouldn't mind being able to use the view and Google Maps (Google addresses). And uuh hahaha I know it looks like Christmas now... But I'd love to take pictures with my watch as well. It is allowed to make phone calls... But I don't care very much for that.

    Hey is the little android update for the 'bugs' Marshmallow coming out soon already? Hahaha no, I'm happy with the phone. I didn't buy the Nexus for many reasons so I have to wait for updates (lack really feature vpn I got lollipop.

    In any case thank you for your time and effort. I'm off to the shops here in Bangkok.

    See you soon!

    Hi iCQ,.

    I use a Moto360 Gen 2 with my Android phone. There is a Sport model.

    https://www.Motorola.com/us/products/Moto-360-sport
    http://www.wareable.com/Android-wear/new-Moto-360-Sport-2-price-release-date-specs

  • Site to Site VPN between ISR4331(Data Center) and 25 branches with RV042 and dynamic public IP address

    Hi, we just got an ISR4331 router. We will use this router in our datacenter as the hub. Needless to say, it will have a static IP address. Our goal is to connect 30 small offices to the datacenter by site-to-site VPN. All of our offices have an RV042 router and a DSL connection, so a dynamic public IP. How do we accomplish this task? Before the VPN connection is stable and the need not to configure tunnels frequently.

    Thank you

    GM

    Hello

    Please check the config below:

    Hub:

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 86400
    ! wildcard key, given that the hub's remote routers have dynamic public IP addresses
    crypto isakmp key secretkey address 0.0.0.0 0.0.0.0

    Define your interesting traffic. Note that I have specified it for two tunnels, but basically it will be the same for the rest apart from the destination. For example, I used 192.168.1.0/24 and 192.168.2.0/24. You will need to replace them with your existing setup.

    ip access-list extended TUN1
     permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
    ip access-list extended TUN2
     permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

    Create your Phase 2 policy:

    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    crypto map S2STUN 1 ipsec-isakmp dynamic HUB_TUN
    crypto dynamic-map HUB_TUN 10
     set security-association lifetime seconds 86400
     set transform-set TS
     match address TUN1
    !
    crypto dynamic-map HUB_TUN 11
     set security-association lifetime seconds 86400
     set transform-set TS
     match address TUN2

    Now apply the crypto map to your WAN interface:

    interface gi0/1
     crypto map S2STUN

    Now configure your remote routers.

    Remote router 1:

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 86400
    !
    ! replace x.x.x.x with the public IP address of the hub
    crypto isakmp key secretkey address x.x.x.x
    !
    ip access-list extended TUNNEL-TRAFFIC
     permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
    !
    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    !
    crypto map TUN_TO_HUB 10 ipsec-isakmp
     ! replace x.x.x.x with the public IP address of the hub
     set peer x.x.x.x
     set transform-set TS
     match address TUNNEL-TRAFFIC
    !
    interface gi0/1
     crypto map TUN_TO_HUB

    Remote router 2:

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 86400
    !
    ! replace x.x.x.x with the public IP address of the hub
    crypto isakmp key secretkey address x.x.x.x
    !
    ip access-list extended TUNNEL-TRAFFIC
     permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
    !
    crypto ipsec transform-set TS esp-3des esp-md5-hmac
    !
    crypto map TUN_TO_HUB 10 ipsec-isakmp
     ! replace x.x.x.x with the public IP address of the hub
     set peer x.x.x.x
     set transform-set TS
     match address TUNNEL-TRAFFIC
    !
    interface gi0/1
     crypto map TUN_TO_HUB

    HTH.
    Evaluate the useful ticket.
    Kind regards
    Terence
  • VPN-3DES-AES: feature disabled

    Hi all

    I have an ASA on which I would like to activate the VPN-3DES-AES license. Unfortunately, we have used this unit for the past years and the provider failed to give us the PAK SKU (the white sheet that comes with the box). Is it possible for me to activate this feature?

    Thank you very much.

    Licensed features for this platform:
    Maximum Physical Interfaces : Unlimited
    Maximum VLANs               : 100
    Inside Hosts                : Unlimited
    Failover                    : Active/Active
    VPN-DES                     : Enabled
    VPN-3DES-AES                : Disabled

    You get the license for free on www.cisco.com/go/license.

    Under 'Get new' you choose ASA, providing your serial no and contact, and a few minutes later, you have the license in your Inbox.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • SSL VPN on ISR G2 feature 2911

    Hello

    I have a 2911 ISR with a security license.  I'm looking to add the 10-client SSL VPN feature license.

    So far, my provider has not helped at all.  They had me order FL-WEBVPN10-K9.  A package arrived that had this number on the sticker on the outside, but there was no registration information inside, no PAK, nada.

    Can anyone help by describing the procedure to add this feature to the 2911?

    From within CCP, it seems that I can enter a PAK and then CCP will register and install the feature...?

    What is the correct part number for the 10-user SSL VPN feature for the ISR G2?

    The documentation I found so far indicates it is FL-SSLVPN10-K9

    Thank you for any info to clarify this.

    I sent you the PDF file.

  • Will there be improvements made to the VPN and firewall configuration features in CCA?

    Will future versions of CCA have the ability to set up site-to-site VPN on UC520s, UC540s and SR520s without having to use the Multisite Manager or CLI? Non-SBCS Cisco VPN products have a Cisco GUI to configure site-to-site VPNs. The UC520, UC540 and SR520 are the only Cisco products (with the exception of products that have reached end of life status) that do not have this capability in some sort of Cisco GUI (apart from the Multisite Manager of CCA 2.1 and later versions).

    Will future versions of CCA allow you to modify the firewall rules on UC520s, UC540s and SR520s without having to resort to the CLI?

    Almost all Cisco products, except for the UC520, UC540 and SR520 series products, have a Cisco GUI to configure these features. On the SA520 and SA540, these features can be configured in the web GUI. On the Cisco ISR, these features can be configured through SDM or CCP. CCA has always had the ability to fix the UC520 unit, but it has not had the ability to fine-tune the firewall and security settings, unlike the SA500 web interface, SDM or CCP.

    Reasons why having these capabilities in CCA is important:

    • These features are listed on the UC520, UC540 and SR520 data sheets
    • The ability to refine and verify access control lists in CCA can accomplish the following:
      • Ability to comply with HIPAA, Sarbanes-Oxley, PCI, etc.
      • Improved troubleshooting
      • Eliminates the need to use CLI to refine or verify the firewall settings
    • Site-to-site VPN can currently be configured via CLI or the CCA Multisite Manager
    • CCA Multisite Manager can be used for virtual private networks between UC500 units or SR520s placed in front of UC500 units
    • CCA Multisite Manager cannot be used for VPN between standalone SR520 units, or between a UC500 unit and a non-UC500 endpoint (with the exception of an SR520 placed in front of a UC500 unit)
    • All IOS images supported by UC520, UC540 and SR520 units have the firewall and VPN capabilities described here

    Hi John,

    CCA is a configuration tool for platforms that are part of the SBCS solutions. Multisite Manager is the approach we take to configure a VPN site. Enhancements in customization of the firewall and access lists are something we plan to put on the roadmap. We will continue to improve CCA to meet these requirements. We will schedule to get these features added in the 2010 calendar.

    Thank you

    Saurabh

  • ASA 5512 different route by VPN Group (VRF as feature?)

    Hello

    Here's what I'm trying to do.  I have a Nexus 7000 with several VRFs; for simplicity let's call them VRF A, VRF B and VRF C. VRF A simulates a management network and VRF B and C are customer environments.  VRF B and VRF C will have overlapping IP addresses.  I have an ASA 5512 that I use for VPN into the environment; it also provides internet access for applications that run in VRF A (VRF B and C do not require internet access).  What I want to do is implement three different VPN accesses on the same ASA, where some users will have the VPN 1 group policy and have access to VRF A, but should not have access to VRF B or C; likewise VPN 2 should have access to VRF B and VPN 3 to VRF C.

    My original intent was to configure the ASA with Gig 0/0 to the internet, Gig 0/1 to VRF A and then Gig 0/2 sub-interfaced, so 0/2.10 is 10.10.10.1 in VLAN 101 that connects to VRF B, and 0/2.11 would be 10.10.10.1 in VLAN 102 that connects to VRF C.  However, as best I can tell the ASA 5512 is not VRF-aware (or is it just a separate license I would need?) and as such, it is not possible.

    Next, a similar thought, but instead configure it so 0/2.10 is 10.10.10.1 in VLAN 101 that connects to VRF B, and 0/2.11 would be 10.10.11.1 in VLAN 102 that connects to VRF C. However, I run into issues here, as VPN 2 and 3 need access to devices with the same IP address, and, as best I can tell, the ASA is not able to do policy-based routing.

    Is there another way to do this? Is there something that I am missing?
    I need to make sure that the VPN 2 users can access services available in VRF B; they should not have the ability to access (intentionally or not) services on VRF A or C, nor should the VPN 1 or 3 users.

    I also have an ASA 5585 with a multi-context license; I can then create a context per VRF (which I have), and then put interfaces into the correct VRF-related context.  However, I do not think that I can terminate VPN here; as best I can tell, when in multi-context mode you cannot have a VPN license.

    Your research led you to conclude correctly that the ASA is neither VRF-aware nor able to do policy-based routing. Also, you cannot terminate remote access VPN on a multi-context ASA.

    Doing what you ask on a single ASA is a bit problematic. If you had unique internal addresses, the subinterfaces would work fine.

    Because it looks like you have a virtualization infrastructure, have you considered using the low-cost ASAv? You could run multiple instances, one per VRF. Each one knows only the public address space and its respective associated VRF.

  • [ASA] VPN Clustering maximum features and Site to Site

    I have a few questions about VPN Clustering with an ASA.

    1. how many devices can be in a cluster?

    2. I know that it is not possible to use site-to-site VPN in a cluster, but alongside my remote access VPN cluster, can I set up a site-to-site tunnel that is not load balanced and is terminated directly at one device of the cluster?

    To answer your questions: -.

    (1) the max is 10 devices in a cluster

    (2) Yes...

    "Load balancing is effective only on remote sessions initiated with the Cisco VPN Client (version 3.0 and later), the Cisco VPN 3002 Hardware Client (version 3.5 and later), or the ASA 5505 operating as an Easy VPN client. All other clients, including LAN-to-LAN connections, can connect to a security appliance on which load balancing is enabled, but cannot participate in the load balancing."

    HTH.

  • Feature IPSec VPN is not in router CISCO891-K9

    I want to configure IPsec over a GRE tunnel on a CISCO891-K9 router. The GRE tunnel works well, but I cannot configure IPsec. I found that the crypto ipsec and crypto isakmp commands aren't there. The show version output of the CISCO891-K9 is:

    EFLWH-1#sh ver
    Cisco IOS Software, C890 Software (C890-UNIVERSALK9_NPE-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Thu 07-Nov-12 23:11 by prod_rel_team

    ROM: System Bootstrap, Version 12.4(22r)YB3, RELEASE SOFTWARE (fc1)

    EFLWH-1 uptime is 2 days, 19 hours, 24 minutes
    System returned to ROM by power-on
    System image file is "flash:c890-universalk9_npe-mz.152-4.M2.bin"
    Last reload type: Normal Reload
    Last reload reason: power-on

    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to
    [email protected].

    Cisco 891 (MPC8300) processor (revision 1.0) with 498688K/25600K bytes of memory.
    Processor board ID FGL170926DF
    9 FastEthernet interfaces
    1 Gigabit Ethernet interface
    1 Serial interface
    1 terminal line
    256K bytes of non-volatile configuration memory.
    247464K bytes of ATA CompactFlash (Read/Write)

    License Info:

    License UDI:

    -------------------------------------------------
    Device#   PID                   SN
    -------------------------------------------------
    *0        CISCO891-K9           FGL170926DF

    License Information for 'c890'
        License Level: advipservices_npe   Type: Permanent
        Next reboot license Level: advipservices_npe

    Configuration register is 0x2102

    Yes, it should work then.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • VPN works with Sierra?

    I understand that the VPN does not work yet with Sierra.

    Is this a bug, or has this feature been removed?

    Can we expect support once again with one of the 10.12.x updates?

    This is a very important feature for my office; without it, we will not update to Sierra.

    Thank you

    VPNs work very well in Sierra as long as they don't use PPTP. Support for PPTP has been removed because it is not safe. Using a PPTP-based VPN is useless. Your data is not safe.

  • How to configure the IKEv2 VPN on Mac OS Server 10.12

    IKEv2 is mentioned in the release notes for Server 5.2 but I can't find related instructions anywhere.  Does anyone know where I could find a tutorial to set it up?

    If you are referring to:

    • New IKEv2 authentication method option or specify IPSec disconnect on timeout for VPN

    Then it is a new feature of Profile Manager in Server.app, not a new feature of the VPN server in Server.app. You will need to use a different, non-Apple-supplied VPN server in order to implement IKEv2.

    Note: as clients, El Capitan or later and iOS 9 or later support IKEv2. (iOS 8 had limited support.)

  • VPN connection error - pppd restricted

    Hi, I think I have a problem with OS X El Capitan and networking. I browse perfectly with the machine, but since the update the VPN stopped working. I tried going into recovery mode to run 'csrutil disable' and then 'sudo chmod u+s /usr/sbin/pppd', but it does not work when using NetExtender or FortiClient. I have another Mac with Lion that works properly; the only difference I notice is that the 'pppd' file on El Capitan shows 'restricted, compressed' and on Lion only 'compressed'. I attach a photo and a NetExtender log:

    15/09/2016 10:15:59.271 [603 General info] NetExtender 8.1.788 for Mac OS X initialized
    15/09/2016 10:15:59.299 [General info 603] path of the bundle app NetExtender = /Applications/NetExtender.app
    15/09/2016 10:16:01.045 [gui info 603] createLogPanel()
    15/09/2016 10:16:01.730 [config info 603] loading saved profiles...
    15/09/2016 10:16:16.507 [connect info 603] user: "prueba".
    15/09/2016 10:16:16.507 [connect info 603] domain: "abcd.hos."
    15/09/2016 10:16:16.509 [connect info 603] Server: 'vpn.abcd.es:444 '.
    15/09/2016 10:16:16.581 [603 general notice] connection to vpn.abcd.es:444...
    15/09/2016 10:16:16.820 [General error 603] ERROR: SSL_connect: Undefined error: 0 (0)
    15/09/2016 10:16:16.821 [General notice 603] retry...
    15/09/2016 10:16:16.822 [General error 603] ERROR: SSL_connect: Undefined error: 0 (0)
    15/09/2016 10:16:16.823 [General error 603] authentication failed: connection failed. See the log for more details.
    15/09/2016 10:16:16.823 [General error 603] NetExtender connection failed.
    15/09/2016 10:16:16.823 [General notice 603] SSL VPN disconnect...
    15/09/2016 10:16:17.058 [General error 603] ERROR: SSL_connect: Undefined error: 0 (0)
    15/09/2016 10:16:17.058 [General notice 603] retry...
    15/09/2016 10:16:17.060 [General error 603] ERROR: SSL_connect: Undefined error: 0 (0)
    15/09/2016 10:16:17.061 [General error 603] disconnect command failed
    15/09/2016 10:16:17.063 [General notice 603] SSL VPN connection is completed.
    15/09/2016 10:16:17.063 [config info 603] loading saved profiles...
    15/09/2016 10:16:17.065 [gui info 603] connection failed. See the log for more details.

    I think that the problem is a network file or that I put in the wrong password, and I cannot detect this error. As I said, the VPN works properly with another Mac using the same network.

    Help...

    You shouldn't be messing with the security features of the operating system.

    Problems may have to do with the network, or client software that you use.

    I would start by making sure all the software is updated and then create a new VPN entry, double-checking that everything has been entered correctly.

    FWIW, I use the built-in VPN features on El Capitan to connect to my university regularly and without problem.

    I'm not familiar with "Fortinet", and I suspect that it may need to be updated, or simply use the built-in VPN.
