Skip to main content
jimson8
jimson8
New Member
March 25, 2026
Question

IPSEC Dial up Routing Issues

  • March 25, 2026
  • 2 replies
  • 222 views

I am working on relaxing our SSL VPN with IPSEC. currently running 7.2.12 on the FG (azure vm) and using the free FTC 7.4.3.

IPSEC is configured with split tunneling, accessible networks is using an address group and all members are subnets. Connection on all FTC apps was imported from a config file.

ISSUE: some devices are getting a 0.0.0.0 route pointing to the ipsec tunnel. other devices are getting the correct routes when connecting.

any ideas what would cause some devices to not get the correct routes?

2 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
March 25, 2026

Which side do you have the address group to split the tunnel; policies or portal?
And do you have multiple groups for the same dialup IPsec users?

Toshi

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
March 26, 2026

Sorry. I meant to ask either "policies or IPsec phase1-interface" config. I mixed up with SSLVPN.

 

Toshi

hpenmetsa
Staff
hpenmetsa
Staff
March 26, 2026

Hi, which subnets do you add to the IPsec phase 1 config, Accessible networks? If possible, please share the address group here?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-split-tunnel-For-IPsec-VPN/ta-p/192266

Terms & ConditionsAccessibility statement