altanet
New Member
June 9, 2011
Question

Multiple FortiClientVPN IPsec Connections from same ISP/IP address???

  • June 9, 2011
  • 8 replies
  • 7781 views
I can't find any mention (in KB or forums) of how to handle duplicate source IPs from IPsec VPN clients. Multiple users from hotel or other common ISP media are knocking each other off as the subsequent user (from same ISP/IP) creates a tunnel. FortiClientVPN s/w is 4.2.3/build0271 against FG200B @ v4.0MR3 (build0441). Please let me know if this is a known issue and if there is a solution. Thank you

    8 replies

    altanet
    altanetAuthor
    New Member
    June 13, 2011
    Could someone please lend some feedback ? The Cisco VPN client can do this all day long (mult sessions/same IP). Is this something I should know and is there a configuration to resolve ? Thank you
    Carl_Wallmark
    New Member
    June 13, 2011
    Hi, In CLI, you will find this on the Phase2-interface: route-overlap {overlap_option}

    Specify how FortiGate unit handles multiple dialup users with the same IP source address. Set overlap_option to one of the following:

    • allow — allow overlapping routes
    • use-new — delete the old route and add the new route
    • use-old — use the old route and do not add the new route

    Default is "use-new", you should change this to "allow"
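    The change described in this reply, written out as an added FortiOS CLI example (not from the thread or from Fortinet's documentation). The phase2-interface name `dialup_p2` is a placeholder for your own dialup phase 2, and the `#` lines are annotations rather than CLI input; the `show` command at the end is the check that the new value actually took.

```fortios
# Before: with the default, the second road warrior behind the same
# hotel NAT address replaces the first client's /32 return route,
# which is the "knocking each other off" symptom from the question.
config vpn ipsec phase2-interface
    edit "dialup_p2"
        set route-overlap use-new
    next
end

# After: allow overlapping routes, so both tunnels keep a route and
# return traffic is separated per tunnel (SPI) rather than per source IP.
config vpn ipsec phase2-interface
    edit "dialup_p2"
        set route-overlap allow
    next
end

# Verify the setting was applied to the dialup phase 2 entry.
show vpn ipsec phase2-interface dialup_p2
```

    The same `route-overlap` option is what the original poster reports applying to the tunnel-mode (policy-based) configuration; adjust the table name accordingly if your dialup tunnel is not interface-mode.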
    altanet
    altanetAuthor
    New Member
    June 13, 2011
    Many thanks Selective. I'll hit the CLI manual harder in the future. Again, Thank you
    darrell
    New Member
    June 14, 2011
    Are you sure about that one? I think the easier fix is to use main mode instead of aggressive mode, isn't it?
    Carl_Wallmark
    New Member
    June 14, 2011
    Could be, i never had this problem. This is what the CLI manual says.
    ede_pfau
    SuperUser
    June 14, 2011
    No Main mode for dial-in clients as their host address is not known in advance. What the phase 2 setting will do is create a route to a subnet instead of a single source address (x.y.z.n/32) to route the tunnel traffic back. Multiple clients are then separated by the tunnel ID (SPI). Never had to deal with such a situation but it could occur anytime if more than one road warrior stays at the same hotel. Please let us know if it works.
    altanet
    altanetAuthor
    New Member
    June 14, 2011
    Thanks all, Changing the route-overlap to 'allow' worked like a champ for Tunnel-mode/Aggressive configuration for multiple FortiClient VPN sessions with the same source address. Also applied the same parameter to an Interface-mode/Main Mode configuration for iPhone VPN, but haven't tested duplication yet - I am the only/first user. Thanks again
    Carl_Wallmark
    New Member
    June 14, 2011
    Weehoo !!