Skip to main content
mcegielka
mcegielka
Explorer
January 11, 2016
Solved

IP address assignment in policy-based VPN.

  • January 11, 2016
  • 1 reply
  • 3615 views

Hi all!

 

I'm currently using FortiGate 800C with firmware v5.2.1 in transparent mode and created one Ipsec VPN tunnel. Is it possible to automatically assign IP addresses to VPN clients with FortiClients? I've checked "set assign-ip-from", "set mode-cfg" and "set dhcp-ipsec", but all seem unavailable in policy-based VPNs.

 

Thanks!

 

Best answer by emnoc

Your in transparent mode? PB-vpn are defined by policies for src/dst subnets. Never heard or any fortigate  capable of operating a vpn-server in PB-vpns.

 

1 reply

emnoc
emnocAnswer
New Member
January 11, 2016

Your in transparent mode? PB-vpn are defined by policies for src/dst subnets. Never heard or any fortigate  capable of operating a vpn-server in PB-vpns.

 

mcegielka
mcegielkaAuthor
Explorer
January 11, 2016

Hello, and thanks for answer.

 

emnoc wrote:

Your in transparent mode? PB-vpn are defined by policies for src/dst subnets. Never heard or any fortigate  capable of operating a vpn-server in PB-vpns.

 

I would call FG unit with defined PB-VPN a vpn-server :) Did you mean dhcp-server?

 

I've found following setting:

config system settings  set dhcp-proxy enable but still don't see any chance of using it in PB-VPN.   To add to confusion I've found following description of DHCP over Ipsec: http://docs-legacy.fortinet.com/fos50hlp/52/index.html#page/FortiOS%25205.2%2520Help/phase2.103.14.html
DHCP-IPsec Select this option if the FortiGate unit assigns VIP addresses to FortiClient dialup clients through a DHCP server or relay. This option is available only if the Remote Gateway in the Phase 1 configuration is set to Dialup User and it works only on policy-based VPNs.
 
Terms & ConditionsAccessibility statement