ymasaki
Staff
Created on
10-30-2019
03:05 AM
Edited on
01-29-2025
04:04 PM
By
aquilingan
Article Id
197667
Description
This article describes how to configure Dial-up VPN between two FortiGates.
Scope
FortiGate.
Solution
The FortiGate can be configured to have a point-to-multipoint Dial-up VPN.
Here is the Step by Step guide:
Note:
Dial-up Configuration between FortiGate to FortiGate as a Remote Gateway as 'Dial-up User'.
Select Site to Site with NAT configuration, the remote site is behind NAT, and then a VPN is automatically created with the Dial-up user.
- Phase 1 Configuration (Dial-up Server and Client):

Note:
For versions above v7.2.8, only one DH group should be selected on both Phase 1 and 2 between FortiGate and FortiClient, when configuring IPsec Dial-up in aggressive mode. In the above screenshots, 14 and 5 are checked but need to only select one of them on both sides i.e. FortiGate and FortiClient.
- Phase 2 Selectors Configuration (Dial-up Server and Client):

- Firewall Policies for VPN:

- Static and Dynamic Routes for Dial-up VPN:

Note:
IPSec Wizard can also be used to set up a Dial-up VPN between two FortiGates.
Related document: