Request for Solution: IKEv2 IPsec VPN with DHCP, LDAP, Split Tunnel

Question

Hi Team,Recently, Fortinet has removed or changed multiple features, and some of the previously available configurations are no longer supported. This impacts our technical setup and limits our ability to achieve the required VPN configuration.Earlier, we had the following working configuration for Remote Access IPsec VPN:Authentication via LDAPIP assignment through Internal DHCP Server (DHCP over IPsec)IKEv1 – Aggressive ModeFull Tunnel modeUsing FortiClient 7.4.1This setup was functioning successfully without major issues, except that Split Tunnel could not be enabled due to conflicts affecting the internal DHCP server.Now we want to understand how we can achieve all requirements in a single IPsec configuration, with the latest Fortinet restrictions:New RequirementsUse IKEv2 instead of IKEv1Obtain VPN client IP from our internal DHCP serverContinue using LDAP credentials for VPN authenticationSupport both Full Tunnel and Split Tunnel modesRequestPlease advise how we can achieve all of the above in a single IPsec setup, or if any architectural changes are required under the new Fortinet limitations.Thank you.

funkylicious · Answer

hi,have a read athttps://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-IPsec-dialup-VPN-using-ikev2-with/ta-p/191367https://docs.fortinet.com/document/fortigate/7.6.0/ssl-vpn-to-ipsec-vpn-migration/661338/full-tunneling-versus-split-tunnelinghttps://docs.fortinet.com/document/fortigate/7.6.4/administration-guide/442351/ldap-authentication-with-ikev2-using-udp-or-tcp-as-transporthttps://community.fortinet.com/t5/FortiGate/Technical-Tip-IKEv2-dial-up-VPN-with-LDAP-authentication/ta-p/394380

New Requirements

Request

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded