Thursday, November 24, 2016

Fortinet continuous VPN from client

Fortinet - Setup continuous VPN 


Hi. If you want the VPN to stay connected for a long time, you can do this in the following ways:

  •  Set keepalive on tunnel mode.
  •  Set keepalive only for a particular user.
  •  Set keepalive only for a set of users.
First decide to whom you want to permit continuous remote access VPN, as it can bring security issues.

Set keepalive on tunnel mode:

To permit continuous VPN for all users, configure it in the global IPsec mode. In the commands below, phase2-interface is the name of the phase and "IOS-IPSEC" is the name of the VPN:

config vpn ipsec phase2-interface
     edit "IOS-IPSEC"
        set keepalive enable
end

Set keepalive only for a set of users:

To permit it only for a particular group of users, first add the users to the desired group, then:

config vpn ssl web portal
     config user group
        edit "continous vpn group"
        set keepalive enable
end

Set keepalive only for a particular user:

To permit it only for a particular user:

config vpn ssl web portal
     config user local
        edit "user"
        set keepalive enable
end

Hope it solves your issue. If not, do comment and let's solve it together.

Thanks



Tuesday, November 15, 2016

Router stops responding / sending traffic due to ARP



Cisco router stops sending / receiving traffic despite the interfaces being in up/up state?


First things first, check that the routing protocols, NAT and ACLs are properly configured.
Ping the default gateway. If it responds properly and the configuration is correct, but the router is still not sending / receiving traffic, then ARP could be flooded!

Cisco uses a default ARP timeout of 14400, but sometimes it gets flushed.

First, to be sure that this is the scenario, check:

Router# show processes cpu history

If ARP is getting flooded, then the first or second most used process will be ARP. Check memory as well:

Router# show proc mem sorted


If the memory is getting completely utilized and ARP is the most used process, then you need to flush the ARP records manually. You can do this using the command below.

Router(config-if)# arp timeout 14400



This command refreshes ARP every 4 hours.

Wednesday, November 9, 2016

Setup Auto-Connect, Keep-Alive VPN using Fortinet


Auto-connect, keep-alive, save password in FortiClient - FortiGate


There are two ways in which you can set up an auto-connect, keep-alive VPN:

  •   Configuration using GUI
  •   Configuration using CLI


Configuration using CLI:

To set up an auto-connect VPN, we need to configure it in two places:

  • Global SSL Settings
  • SSL web portal

Configuration in global SSL settings:

Enter the global SSL settings using


  • config vpn ssl settings


Then type the following commands:


  • set idle-timeout 0
  • set auth-timeout 0
  • end


These commands keep the session from exiting on timeout.

Configuration in the SSL web portal:

Use the commands below:

  • config vpn ssl web portal
  • Check which portal holds the setting and enter it; usually it is "web-access":
  • edit "web-access"

Then check where your VPN configuration is:

  •   edit 4
  •     set auto-connect enable
  •     set keep-alive enable
  •     set save-password enable
  •  end

That's it! After this you should see keep-alive and auto-connect.
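
The settings above remove the SSL VPN session timeouts and let the client save the password, so it is worth tracking where they are enabled. The following Python script is an added example, not part of the original post: it scans a FortiOS-style configuration backup for exactly those values and reports the block each one sits in. The sample configuration and the "contractors" portal name are constructed for illustration.

```python
# Settings named in this post, with the value that removes a timeout or
# lets the client store credentials (the list is an assumption of this example).
RISKY = {"idle-timeout": "0", "auth-timeout": "0", "auto-connect": "enable",
         "keep-alive": "enable", "save-password": "enable"}

# Constructed sample in FortiOS backup layout; not taken from a real device.
SAMPLE = """\
config vpn ssl settings
    set idle-timeout 0
    set auth-timeout 0
end
config vpn ssl web portal
    edit "web-access"
        set auto-connect enable
        set keep-alive enable
        set save-password enable
    next
    edit "contractors"
        set auto-connect disable
        set save-password disable
    next
end
"""

def audit(config_text):
    """Return (path, setting, value) for every risky 'set' line."""
    findings, stack = [], []
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "config":
            stack.append(" ".join(words))
        elif words[0] == "edit":
            # keep the full entry name, which may be quoted and contain spaces
            stack.append("edit " + raw.strip()[4:].strip().strip('"'))
        elif words[0] in ("next", "end"):
            # both close an open edit; 'end' also closes its config block
            if stack and stack[-1].startswith("edit "):
                stack.pop()
            if words[0] == "end" and stack:
                stack.pop()
        elif words[0] == "set" and len(words) == 3 and RISKY.get(words[1]) == words[2]:
            findings.append((" > ".join(stack), words[1], words[2]))
    return findings

if __name__ == "__main__":
    for path, key, value in audit(SAMPLE):
        print(f"{path}: {key} = {value}")
```

Run it against a saved backup by passing the file contents to audit(); each finding names the portal or settings block to review.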

Tuesday, November 8, 2016

CRYPTO or Security Commands in 1900 Cisco Router

                



Hello guys. 

In this blog we will check how to add crypto commands on a Cisco 1900 router.

By default, the security license is not enabled on the 1900 router; you need to add the license manually.






Before the license is enabled, the crypto commands are not shown.
To enable the crypto and security license, type the following in config mode:

Router(config)# license boot module c1900 technology-package securityk9

This will enable the security license.

Press Enter; this will ask you to accept the agreement. Type "Yes" and press Enter.


Save the configuration with the "wr" command and reload the router.

After the router boots up, all security and crypto commands will be shown.




Thanks !!