Hi Team,
Recently, Fortinet has removed or changed multiple features, and some of the previously available configurations are no longer supported. This impacts our technical setup and limits our ability to achieve the required VPN configuration.
Earlier, we had the following working configuration for Remote Access IPsec VPN:
- Authentication via LDAP
- IP assignment through Internal DHCP Server (DHCP over IPsec)
- IKEv1 – Aggressive Mode
- Full Tunnel mode
- Using FortiClient 7.4.1
This setup was functioning successfully without major issues, except that Split Tunnel could not be enabled due to conflicts affecting the internal DHCP server.
Now we want to understand how we can achieve all requirements in a single IPsec configuration, with the latest Fortinet restrictions:
- Use IKEv2 instead of IKEv1
- Obtain VPN client IP from our internal DHCP server
- Continue using LDAP credentials for VPN authentication
- Support both Full Tunnel and Split Tunnel modes
Please advise how we can achieve all of the above in a single IPsec setup, or if any architectural changes are required under the new Fortinet limitations.
Thank you.
hi,
have a read at
Copyright 2025 Fortinet, Inc. All Rights Reserved.