Windows 2008 R2 IPSEC second authentication
I'm setting up an IPSEC VPN tunnel between a Fortinet and a Windows 2008 R2 server. Using the Windows Advanced Firewall I've been able to create the main and quick mode encryption settings. However, when I set up the actual rule I'm only able to set one policy using a pre-shared key. Is there a way to manually do this using NETSH?
On the firewall side I can see that I'm getting a successful negotiation of the Phase 1 conversation, but Phase 2 fails.
This seems to be different from Windows 2008.
July 8th, 2011 3:36pm
The NETSH command to create a connection security rule in Windows 2008 R2 using PSK is:
netsh advfirewall consec add rule name="Authentication Test" endpoint1=any endpoint2=any action=requestinrequestout auth1=computerpsk auth1psk=test
The example creates a consec rule with the first authentication set to PSK and the second authentication disabled. If you want to enable the second authentication then you need to specify the auth2= parameter. ComputerPSK is only available for the first authentication and cannot be used for the second authentication.
/Hasain
July 9th, 2011 11:32am
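As an added illustration of the answer above (example commands, not from the thread or from Microsoft's documentation), the following script builds the same kind of PSK-only consec rule with netsh, sets the global main mode proposal, and then verifies the rule and the negotiated SAs. The addresses, subnet, rule name, PSK and the cipher/hash choices are placeholders that must be matched to whatever the FortiGate side is configured with; auth2 is intentionally left out for the reason Hasain gives.

```powershell
# Added example (not code from the original thread): PSK-only connection security
# rule on Windows Server 2008 R2 via netsh, plus the checks to run afterwards.
# Run from an elevated PowerShell prompt. All addresses/names/secrets below are
# placeholders (RFC 5737 documentation ranges), not values from the thread.
$ErrorActionPreference = 'Stop'

$windowsIp    = '192.0.2.10'       # this server's IP (placeholder)
$fortigateIp  = '198.51.100.1'     # FortiGate public IP (placeholder)
$remoteSubnet = '10.20.0.0/16'     # network behind the FortiGate (placeholder)
$ruleName     = 'FortiGate PSK tunnel'
$psk          = 'ReplaceWithALongRandomSecret'   # placeholder; must equal the FortiGate PSK

# Phase 1 (main mode) settings are global on 2008 R2, not per rule.
# DH group, cipher, hash and lifetime must match the FortiGate Phase 1 proposal.
netsh advfirewall set global mainmode mmsecmethods=dhgroup2:aes128-sha1
netsh advfirewall set global mainmode mmkeylifetime=480min,0sess

# The rule: auth1 is the only authentication, using a computer PSK.
# auth2 is omitted on purpose: computerpsk is accepted for auth1 only, and the
# auth2 options (user/computer certificate, Kerberos, NTLM) are not something a
# FortiGate peer can satisfy. Phase 2 (quick mode) is carried per rule in
# qmsecmethods; it and the endpoint selectors must match the FortiGate Phase 2
# configuration, otherwise Phase 1 succeeds and Phase 2 fails.
# Assumption: the FortiGate is configured for tunnel mode, hence mode=tunnel.
$addRule = @(
    'advfirewall', 'consec', 'add', 'rule',
    "name=$ruleName",
    "endpoint1=$windowsIp",
    "endpoint2=$remoteSubnet",
    'action=requireinrequireout',
    'mode=tunnel',
    "localtunnelendpoint=$windowsIp",
    "remotetunnelendpoint=$fortigateIp",
    'auth1=computerpsk',
    "auth1psk=$psk",
    'qmsecmethods=esp:sha1-aes128+60min+100000kb',
    'qmpfs=none'
)
netsh @addRule

# Check that the rule stored what you intended (auth1 = PSK, no auth2, qmsecmethods).
netsh advfirewall consec show rule "name=$ruleName" verbose

# Generate some traffic to the remote subnet, then confirm both phases came up:
# an entry in mmsa means Phase 1 succeeded, an entry in qmsa means Phase 2 did.
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

Arguments are passed as an array so PowerShell quotes the values that contain spaces; if you prefer typing the same commands into cmd.exe, the quoting in Hasain's one-liner is the one to copy. Note that the PSK is stored in the rule and is readable by any administrator who runs the show command.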
Hello Matthew, I'm trying to do the same here, but I have the problem that I never get to Phase 2. I never get the Windows 2008 R2 server to respond. Is it possible for you to put together a small how-to of what you did on both sides (FortiGate and Windows 2008 R2)?
I would be very grateful. Maybe some other people out there would be too :)
Thanks in advance.
July 20th, 2011 11:04am
But I think it is enough with what you did on the Windows side, if you make a how-to :)
July 20th, 2011 12:30pm