Raffael_Hotz
New Member
May 26, 2021
Question

2 VPN Dial-Up FGT connects to same VPN interface

  • May 26, 2021
  • 3 replies
  • 4084 views

Hello all,

I have a strange thing going on here and I cannot help myself and need some help. I have my main FGT where I want to connect 2 DialUp FGTs. I have 2 different Dial-Up VPNs on my main with 2 different tunnel interfaces with different IPs and destinations. The DialUp FGTs have the right tunnel IP and destination tunnel IP... Both DialUps come with another public IP, but in the end both end up in the same VPN, like VPN-Tunnel1_0 and VPN-Tunnel_1, but DialUp 2 should use VPN-Tunnel2 of course.

There is no static routing, everything is done by OSPF.

What is even more strange, until last night it worked.

 

I have no clue why it changed. I tried to set Peer-ID but they just use the first VPN Tunnel interface. Is there anything I may have changed or am I missing something?

Thanks

Raffa

    3 replies

    Raffael_Hotz
    New Member
    May 26, 2021

    Well - it looks like they cannot have the same PSK.

    problem solved

    jorge_americo
    New Member
    May 26, 2021

    All right

    my screen was out of date, good job

     

    sw2090
    SuperUser
    May 27, 2021

    looks somehow mixed up.

    DialUp is tied to an interface on the FGT but does not have a defined remote end.

    If you have more than one dial up tied to the same interface you have to give the FGT a way to find the correct one.

    This can be done using unique p1/p2 proposals, limiting the ipsec to a specific peerid or even a unique PSK.

    Otherwise an incoming connection will not match any or will match some wrong ipsec and in consequence will fail.
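
A configuration sketch of the peer-ID approach described in the last reply, added here as an example and not posted by anyone in the thread. It assumes IKEv1 with pre-shared keys, where the hub can only select a dial-up gateway by peer ID in aggressive mode, because in main mode the PSK has to be chosen before the peer's ID is visible. The port name `wan1`, the IDs `dialup-1`/`dialup-2`, the spoke tunnel name `to-hub` and the `<...>` placeholders are assumptions; proposals and phase 2 are omitted and must match on both ends.

```fortios
# Lines starting with # are annotations for the reader.
# Hub FGT: two dial-up gateways on the same WAN port, told apart by peer ID.
config vpn ipsec phase1-interface
    edit "VPN-Tunnel1"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        # accept only the spoke that identifies itself as dialup-1
        set peertype one
        set peerid "dialup-1"
        set psksecret <unique-psk-1>
    next
    edit "VPN-Tunnel2"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "dialup-2"
        set psksecret <unique-psk-2>
    next
end

# Dial-up FGT 1: announce the ID the hub expects for VPN-Tunnel1.
# Dial-up FGT 2 is identical apart from localid "dialup-2" and <unique-psk-2>.
config vpn ipsec phase1-interface
    edit "to-hub"
        set interface "wan1"
        set remote-gw <hub-public-ip>
        set ike-version 1
        set mode aggressive
        set localid "dialup-1"
        set psksecret <unique-psk-1>
    next
end
```

Aggressive mode sends the ID unencrypted and exposes a PSK-derived hash on the wire, so give each tunnel its own long random PSK rather than sharing one across spokes.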