Dialup VPN Users unable to connect using IPSec
I have been trying to get Dialup VPN users to connect via IPsec on a FortiGate 80F firewall device, but the VPN client cannot reach any internal network. Ping to 192.168.4.x shows request timed out.
I have double checked the configurations thoroughly but could not find any issues in the IPsec tunnel setup or firewall policy.
show vpn ipsec phase1-interface Dialup_VPN
//
config vpn ipsec phase1-interface
edit "Dialup_VPN"
set type dynamic
set interface "wan1"
set mode aggressive
set peertype any
set net-device disable
set mode-cfg enable
set ipv4-dns-server1 192.168.4.3
set ipv4-dns-server2 10.61.50.3
set proposal aes256-sha256
set dpd on-idle
set dhgrp 14
set xauthtype auto
set authusrgrp "vpngroup"
set ipv4-start-ip 172.16.2.10
set ipv4-end-ip 172.16.2.50
set ipv4-netmask 255.255.255.0
set ipv4-split-include "MAF_Servers"
set psksecret ENC 1KvTP2fJpmTD24X4AvgNLfMByHhIF5Ajxnr4iofvNF0iXUQt0lxHgModqbtzPRg3Pw1W45otRTxZpRzpqh7pgGQ68CkUucW1pZMv82xUtwXxGqyyQEJqPXRh/QpUDf8OrOozkcpNE43+8ZhMMjUU187ma4WKUmdLjOAHRGWXQ38h2sDs08tvNcRRpEc3PaQuu658AQ==
set dpd-retryinterval 60
next
end
//
show vpn ipsec phase2-interface
//
edit "Dialup_VPN_P2"
set phase1name "Dialup_VPN"
set proposal aes256-sha256
set dhgrp 14
next
//
I have checked the firewall policy but could not find any issues there as well.
show firewall policy 30
//
config firewall policy
edit 30
set name "Dialup_VPN to Internal"
set uuid 9042914e-1937-51f1-ea56-9e0361501bba
set srcintf "Dialup_VPN"
set dstintf "internal2"
set action accept
set srcaddr "all"
set dstaddr "GPS_DC" "GPSDXB1" "MAF_Servers"
set schedule "always"
set service "ALL"
set logtraffic all
next
end
show firewall address MAF_Servers
//
config firewall address
edit "MAF_Servers"
set uuid 7c3a9f7e-196a-51f1-ae81-5f5d54e33e54
set subnet 192.168.4.0 255.255.255.0
next
end
//
The VPN client gets connected and shows the following
ipconfig /all
//
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Fortinet Virtual Ethernet Adapter (NDIS 6.30)
Physical Address. . . . . . . . . : 00-09-0F-FE-00-01
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cfe2:565f:ac3b:659a%59(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 07 March 2026 13:19:32
Lease Expires . . . . . . . . . . : 14 April 2162 02:39:14
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.16.2.11
DHCPv6 IAID . . . . . . . . . . . : 989858063
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-36-6D-C3-BC-F1-71-9E-95-99
DNS Servers . . . . . . . . . . . : 192.168.4.3
10.61.50.3
NetBIOS over Tcpip. . . . . . . . : Enabled
//
route print
//
Network Destination Netmask Gateway Interface Metric
172.16.2.10 255.255.255.255 On-link 172.16.2.10 257
172.16.2.255 255.255.255.255 On-link 172.16.2.10 257
As you can see, I am using LAN (internal2) as the outgoing interface on the firewall policy. This physical interface is actually used to set up multiple VLANs as a trunk port to a core switch.
get system interface physical
//
==[internal2]
mode: static
ip: 0.0.0.0 0.0.0.0
ipv6: ::/0
status: up
speed: 1000Mbps (Duplex: full)
FEC: none
FEC_cap: none
//
show system interface
//
edit "VLAN_Servers"
set vdom "root"
set ip 192.168.4.1 255.255.255.0
set allowaccess ping https ssh http
set device-identification enable
set role lan
set snmp-index 18
set interface "internal2"
set vlanid 20
next
//
I also tried setting up the Dialup VPN using SSL and it worked properly, but I do not prefer to use it since a Fortinet guy told me it is not secure and is being discontinued in new models.
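As an added check, not part of the original post: a Python script that parses a FortiOS config and a Windows route table like the ones quoted above and reports whether the client holds a route covering the destination subnet, and whether the policy's dstintf is the interface that actually owns that subnet. The config and route lines are constructed abbreviations of the outputs above, and the function names are my own.

```python
import ipaddress

# Constructed inputs, cut down from the FortiOS and Windows outputs quoted in the post.
FORTI_CONFIG = """config system interface
edit "VLAN_Servers"
set ip 192.168.4.1 255.255.255.0
set interface "internal2"
next
end
config firewall policy
edit 30
set srcintf "Dialup_VPN"
set dstintf "internal2"
set dstaddr "GPS_DC" "GPSDXB1" "MAF_Servers"
next
end"""
CLIENT_ROUTES = """172.16.2.10 255.255.255.255 On-link 172.16.2.10 257
172.16.2.255 255.255.255.255 On-link 172.16.2.10 257"""

def parse_config(text):
    """Flatten FortiOS config/edit/set text into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "config":
            section = cfg.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit":
            entry = section.setdefault(words[1].strip('"'), {})
        elif words[0] == "set":
            entry[words[1]] = [w.strip('"') for w in words[2:]]
    return cfg

def check_dialup_reachability(config, route_print, policy_id, subnet):
    """Return a list of findings; an empty list means both checks passed."""
    cfg, findings = parse_config(config), []
    target = ipaddress.ip_network(subnet)
    # 1. The client must have a route that covers the split-include subnet.
    routes = [ipaddress.ip_network("/".join(l.split()[:2]), strict=False)
              for l in route_print.splitlines()]
    if not any(target.subnet_of(r) for r in routes):
        findings.append(f"client routing table has no route covering {target}")
    # 2. The policy dstintf must be the interface holding the subnet (or 'any').
    owner = next((name for name, v in cfg["system interface"].items()
                  if "ip" in v and ipaddress.ip_address(v["ip"][0]) in target), None)
    dstintf = cfg["firewall policy"][str(policy_id)]["dstintf"]
    if owner and owner not in dstintf and "any" not in dstintf:
        findings.append(f"policy {policy_id} dstintf {dstintf} omits {owner!r}, which holds {target}")
    return findings
```

Run it as `check_dialup_reachability(FORTI_CONFIG, CLIENT_ROUTES, 30, "192.168.4.0/24")` to get the findings for the constructed inputs; an empty list is the healthy result.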
