Technical Tip: Build Dialup IPsec tunnel using IPSec Templates on FortiManager
Description
This article describes how to build a Dialup IPsec tunnel using IPSec Templates in FortiManager.
Scope
FortiManager.
Solution
There are 2 scenarios to configure VPN and control access to specific networks:
- Using peerid and building a separate phase1 interface for each protected subnet (phase 2 selector of dialup server).
- Managing access using Xauth and firewall policies.
Configure IPsec template for Dialup VPN:
- Select 'Create New' under Device Manager -> Provisioning Templates -> IPSec Tunnel.
- Set 'Name' of the template and then select 'Create New' to start configuring the IPsec tunnel.
- Configure phase1 and phase2 using the following details in the screenshot.
Phase1:
Note:
The address object used for the 'IPv4 client IP range' should have the 'type' set to 'IP Range'. Otherwise, the installation will fail.
Phase2:
- Install device settings on the FortiGate, and the IPsec configuration will be done.
- Device manager will show the IPsec tunnel and map it to a normalized interface.
- Use the normalized interface in firewall policies to allow access.
