IPsec IKEv1 Phase 2 rejected by FortiGate (PFS enabled) - Quick Mode sent withou

Started by garroz, June 15, 2026, 04:52:56 PM

When configuring the FortiGate with IPSEC in Policy Based mode, you require separate P2s for each subnet, which works fine when FortiGates are at each end.

Fortinet introduced IPSEC interface mode quite a long time ago. The advantage is that you only have one P2 configuration and you control network access via FortiGate's standard interface policies.

My advice is to convert the FortiGate Policy based IPSEC configurations to Interface based configurations and set up appropriate Interface policies. The changes should be made using the CLI, either via SSH or the CLI in their Web GUI.

As you appear to be using NAT-T for IPSEC, your last resort would be to download and install FortiClient VPN Only edition (free version) on a supported platform and configure IPSEC there.
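As an added illustration (not part of the post above and not Fortinet's own documentation), this is roughly what the interface-mode configuration described there looks like in FortiOS CLI: one Phase 1 bound to the WAN interface, a single wildcard Phase 2 with PFS enabled, the tunnel interface addressed, and access controlled by an ordinary firewall policy plus a static route. Every name, address, subnet and the DH group are assumed placeholders; the proposal, PFS setting and DH group must match what the remote peer sends in Quick Mode, or Phase 2 will still be rejected.

```text
# Assumed example: tunnel named "to-remote", WAN on wan1, peer at 203.0.113.10 (placeholders)
config vpn ipsec phase1-interface
    edit "to-remote"
        set interface "wan1"
        set ike-version 1
        set peertype any
        set net-device disable
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set remote-gw 203.0.113.10
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
    next
end

# Single Phase 2: wildcard selectors replace the per-subnet P2s of policy mode.
# PFS and the DH group must agree with the peer's Quick Mode proposal.
config vpn ipsec phase2-interface
    edit "to-remote-p2"
        set phase1name "to-remote"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Address the tunnel interface so it can carry routed traffic (assumed /32 pair).
config system interface
    edit "to-remote"
        set ip 10.255.0.1 255.255.255.255
        set remote-ip 10.255.0.2 255.255.255.255
    next
end

# Network access is now decided here, per interface, not by the P2 selectors.
# Narrow srcaddr/dstaddr to the real subnets rather than "all" in production.
config firewall policy
    edit 0
        set name "lan-to-remote"
        set srcintf "internal"
        set dstintf "to-remote"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Route the remote subnet (assumed 192.168.20.0/24) into the tunnel interface.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "to-remote"
    next
end
```

To check the result after bringing the tunnel up, `diagnose vpn ike gateway list` shows Phase 1 state and `diagnose vpn tunnel list` shows the negotiated Phase 2 selectors; if Quick Mode is still refused, `diagnose debug application ike -1` (with `diagnose debug enable`) prints the proposal the peer offered so the PFS group or transform mismatch can be read directly from the log. A second firewall policy in the reverse direction is needed for traffic initiated from the remote side.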