s3Raytheon
New Member
May 29, 2025
Question

IPsec dial up VPN using virtual ip

  • May 29, 2025
  • 1 reply
  • 614 views

I am trying to get an IPsec dialup VPN accessible from two interfaces, WAN and LAN3.

Currently the IPsec VPN listens on WAN and that works well.

I have added a virtual IP on the LAN3 interface mapping from the public IP to WAN IP and created a firewall policy using this VIP.

With this in place, the IPsec VPN will connect from LAN3; however, no traffic flows across the tunnel.

Any idea what I am missing?

1 reply

kaman
Staff
May 30, 2025

Hi s3,

Please verify the policy (IPsec to LAN) and the IP pool, if the VIP is added on multiple policies with outgoing 'WAN interface'.

Check whether the WAN interface is associated with the VIP policy or not, then specify the IPsec interface instead of the WAN interface on the IP pool.

Confirm that there is a firewall policy allowing traffic from the LAN3 interface to the IPsec VPN.

Please refer to the documents below and verify the details. If the issue persists, please run the debug commands and share the output with us for further analysis:

https://community.fortinet.com/t5/FortiGate/Setting-up-a-VIP-address-for-dialup-ipsec-VPN-between-FortiGate/ta-p/191948


https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPSEC-Dial-up-VPN-over-VIP-to-access-the/ta-p/374831


If you have found a solution, please like and accept it to make it easily accessible to others.


Regards,
Aman