Created on
‎04-16-2020
07:02 AM
Edited on
‎01-20-2025
01:54 AM
By
Jean-Philippe_P
Description | This article describes the steps to create a DHCP IP address reservation with Dial-up IPsec VPN. |
Scope | FortiGate. |
Solution |
GUI configuration.
Apply the following settings:
Note: The MAC address should be the local adapter i.e. Ethernet/WiFi, not the Fortinet SSL VPN Virtual Adapter.
5. Select OK on the following screen:
Note: Select the 'Enable IPv4 Split Tunnel' to forward to the tunnel just the traffic to the desired networks. If this option remains disabled, all the client host traffic will be forwarded through the tunnel.
CLI configuration.
config vpn ipsec phase1-interface next
config vpn ipsec phase2-interface
Results: The reserved IP address will be assigned to the client host that matches the MAC address informed.
Note: When mode-cfg is disabled, the split tunneling will not work since 'ipv4-split-include' will be unavailable.
Related articles: Technical Note: DHCP IP address reservation with Dial up IPsec VPN Technical Tip: DHCP IP address configuration with Dial up IPsec VPN under VPN tunnel |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.