PaulWT
New Member
August 14, 2025
Question

IPSec VPN to different internal interfaces

  • August 14, 2025
  • 1 reply
  • 812 views

I've inherited a FortiGate 60F running 7.6.1. This is my first exposure to FortiGate, as previously it's been Cisco Firepower and Palo Alto.

It currently has an IPsec VPN allowing users access to one of the internal interfaces. Auth is currently carried out via LDAP.

Is it possible to allow access to a different internal interface at the same time using different credentials?

If so, how?


dingjerry_FTNT
Staff
August 14, 2025

Hi @PaulWT,

First of all, what type of IPsec VPN is it? Site-to-site? Dial-up?

PaulWT (Author)
New Member
August 15, 2025

It's a dial-up.

dingjerry_FTNT
Staff
August 15, 2025

Hi @PaulWT,

For dial-up IPsec VPN, the user authentication is done in Phase 1.

So I don't think that you can split the users for traffic control if using one dial-up IPsec VPN.

A workaround is to use multiple dial-up IPsec VPN tunnels with different peer IDs, in interface mode.

Then you can create different firewall policies with those different IPsec VPN tunnels to control the traffic flow.

Here is the article on how to select one dial-up IPsec VPN tunnel with peer IDs on FGT:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPsec-dialup/ta-p/192292
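The workaround described in the reply above, written out as a FortiOS CLI configuration. This is an added example, not configuration from the thread or from Fortinet's article: two dial-up phase1-interface tunnels on the same WAN port are told apart by peer ID (IKEv1 aggressive mode, so the client's Local ID is visible during Phase 1), each tunnel authenticates XAuth users against its own LDAP-backed user group, and a separate firewall policy maps each tunnel interface to one internal interface. The interface names (wan1, internal1, internal2), the existing LDAP server object name (ldap-srv), the LDAP group DNs, the address pools, the peer IDs and the PSK placeholders are all assumptions; substitute your own values.

```text
# Added example: two dial-up IPsec tunnels selected by peer ID, each with
# its own user group and its own policy. All names and addresses are assumed.

# LDAP-backed user groups: one per tunnel, matched on the LDAP group DN.
# Assumes an existing LDAP server object named "ldap-srv".
config user group
    edit "VPN-GroupA"
        set member "ldap-srv"
        config match
            edit 1
                set server-name "ldap-srv"
                set group-name "CN=VPN-A,OU=Groups,DC=example,DC=com"
            next
        end
    next
    edit "VPN-GroupB"
        set member "ldap-srv"
        config match
            edit 1
                set server-name "ldap-srv"
                set group-name "CN=VPN-B,OU=Groups,DC=example,DC=com"
            next
        end
    next
end

# Phase 1: both tunnels are dynamic (dial-up) on wan1; "peertype one" plus
# "peerid" is what lets the FortiGate pick the tunnel from the client's Local ID.
config vpn ipsec phase1-interface
    edit "DIALUP-A"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "dialup-a"
        set xauthtype auto
        set authusrgrp "VPN-GroupA"
        set mode-cfg enable
        set ipv4-start-ip 10.10.1.1
        set ipv4-end-ip 10.10.1.254
        set ipv4-netmask 255.255.255.0
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-A>
    next
    edit "DIALUP-B"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "dialup-b"
        set xauthtype auto
        set authusrgrp "VPN-GroupB"
        set mode-cfg enable
        set ipv4-start-ip 10.10.2.1
        set ipv4-end-ip 10.10.2.254
        set ipv4-netmask 255.255.255.0
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PSK-B>
    next
end

config vpn ipsec phase2-interface
    edit "DIALUP-A-P2"
        set phase1name "DIALUP-A"
        set proposal aes256-sha256
        set dhgrp 14
    next
    edit "DIALUP-B-P2"
        set phase1name "DIALUP-B"
        set proposal aes256-sha256
        set dhgrp 14
    next
end

# Address objects for the two mode-config pools, used as policy source addresses.
config firewall address
    edit "DIALUP-A-pool"
        set subnet 10.10.1.0 255.255.255.0
    next
    edit "DIALUP-B-pool"
        set subnet 10.10.2.0 255.255.255.0
    next
end

# One policy per tunnel interface: tunnel A reaches internal1 only, tunnel B
# reaches internal2 only. "edit 0" lets FortiOS assign the next free policy ID.
config firewall policy
    edit 0
        set name "VPN-A-to-internal1"
        set srcintf "DIALUP-A"
        set dstintf "internal1"
        set srcaddr "DIALUP-A-pool"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "VPN-B-to-internal2"
        set srcintf "DIALUP-B"
        set dstintf "internal2"
        set srcaddr "DIALUP-B-pool"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Two points worth checking after applying this. First, the peer ID is a selector, not a credential: it only steers the client onto a tunnel, so the separation between the two internal interfaces rests on each tunnel having its own pre-shared key and its own `authusrgrp`. If both tunnels shared a key and a group, any user who knows the other Local ID could land on the other tunnel and its policy. Second, verify which tunnel a given client actually negotiated with `diagnose vpn ike gateway list` and `get vpn ipsec tunnel summary`; a client whose Local ID does not match either `peerid` will fail Phase 1 rather than silently fall into the wrong tunnel, which is the behaviour you want.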