BKR
Explorer II
June 2, 2025
Solved

VPN access to specific subnet or device


Hello community,

 

I tried many ways to configure an IPsec VPN to access only a specific subnet, but all have failed.

Can you guide me on how to configure such a connection?

 

Thank you!

Best answer by funkylicious

Then I would suggest configuring both IPsec tunnels with IKEv1, aggressive mode, and use of peer ID to differentiate upon connection, which you would also need to configure in FortiClient in order for the client to connect to the correct one, and use a different IP allocation/subnet/range for the tunnel.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPsec-dialup/ta-p/192292 
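
A sketch of the setup suggested in the answer above, as a FortiOS CLI fragment. It is an added example, not configuration from the thread or from the linked article; the tunnel names, peer IDs, IP ranges, interface names, address object and PSK placeholders are all assumptions.

```text
# Added example: every name, peer ID, IP range and PSK below is a placeholder.
config vpn ipsec phase1-interface
    edit "vpn-full"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "full-access"
        set mode-cfg enable
        set ipv4-start-ip 10.10.10.1
        set ipv4-end-ip 10.10.10.50
        set psksecret <psk-full>
    next
    edit "vpn-subnet"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "subnet-only"
        set mode-cfg enable
        set ipv4-start-ip 10.10.20.1
        set ipv4-end-ip 10.10.20.50
        set psksecret <psk-subnet>
    next
end
config vpn ipsec phase2-interface
    edit "vpn-full-p2"
        set phase1name "vpn-full"
    next
    edit "vpn-subnet-p2"
        set phase1name "vpn-subnet"
    next
end
config firewall policy
    edit 0
        set name "vpn-subnet-in"
        set srcintf "vpn-subnet"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "allowed-subnet"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Each FortiClient connection sets its Local ID to the matching `peerid`, and the full-access tunnel gets its own policy with `srcintf "vpn-full"`. IKEv1 aggressive mode sends the ID unencrypted, so treat it as a selector rather than a secret and let the per-tunnel policy enforce the access boundary.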

2 replies

funkylicious
SuperUser
June 2, 2025
"jack of all trades, master of none"
BKR
Author
Explorer II
June 3, 2025

Hello,

 

Thank you, it was useful for me, but now I have another problem:

1- FortiGate VM-64 v7.4.7

2- IPsec is up and I managed to access the specified subnet and no other, as needed. Now I have another issue, since I have a separate firewall policy for the "specific address vpn" that I have just created: when the policy is enabled, I can't connect to the normal VPN where I can have access to my full network.

Regards,

funkylicious
SuperUser
June 3, 2025

Hi,

So you basically have 2 VPN tunnels configured?

"jack of all trades, master of none"
dingjerry_FTNT
Staff
June 3, 2025

Hi @BKR,

You need to provide more detailed info.

 

1) What is your FGT firmware version?

2) Is the IPSec VPN up?  

3) If not, please provide the IPSec VPN configuration and IKE debug.

Please check this article for IPSec VPN debug:

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPN-tunnels/ta-p/195955

 

4) If IPSec VPN is up, please elaborate on what you mean by "failed".

 

You may need to run debug flow commands and reproduce this issue again to collect outputs.

 

Since you did not share your FGT firmware version, I have to share the debug flow info with the latest firmware version:

 

https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/38044/using-the-debug-flow-tool

 

 

BKR
Author
Explorer II
June 3, 2025

Hello,

1- FortiGate VM-64 v7.4.7

2- Yes, IPsec is up and I managed to access the specified subnet as needed, but now I have another issue, since I have a separate firewall policy for the "specific address vpn" that I have just created: when the policy is enabled, I can't connect to the normal VPN where I can have access to my full network.

Regards,