Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nevan
Staff
Staff

Created on ‎03-02-2025 10:05 PM Edited on ‎12-30-2025 07:28 AM By Community Manager

Article Id 379389

Technical Tip: How to check the assigned IP address for the IPSec dial up client

Description This article describes how to check the IPv4/IPv6 addresses assigned dynamically to the IPSec VPN client after configuring the client address for the remote access IPSec VPN.
Scope FortiGate.
Solution

To configure the IPSec dial-up tunnel the following KB articles can be followed:

 

Option 1:


Once configured, check if the VPN server is assigning the correct client address through the remote access tunnel by using the steps outlined in Technical Tip: Understanding IPsec (iked) debug logs.

 

In the debug field, the following sample reports will appear for IPv4/IPv6 address and DNS assignment for the remote VPN client according to the client address configuration.

 

IPv4:

 

2025-02-27 14:29:44.434149 ike 0:VPN_1:2731: processed INITIAL-CONTACT
2025-02-27 14:29:44.434167 ike 0:VPN_1:2731: mode-cfg assigned (1) IPv4 address 10.144.113.10
2025-02-27 14:29:44.434169 ike 0:VPN_1:2731: mode-cfg assigned (2) IPv4 netmask 255.255.255.255
2025-02-27 14:29:44.434173 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.6/255.255.255.255:0
2025-02-27 14:29:44.434175 ike 0:VPN_1:2731: mode-cfg send (13) 0:217.173.195.70/255.255.255.255:0
2025-02-27 14:29:44.434177 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.101/255.255.255.255:0
2025-02-27 14:29:44.434179 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.102/255.255.255.255:0
2025-02-27 14:29:44.434183 ike 0:VPN_1:2731: mode-cfg send (3) IPv4 DNS(1) 10.0.66.131
2025-02-27 14:29:44.434184 ike 0:VPN_1:2731: mode-cfg send (3) IPv4 DNS(2) 10.0.66.132

 

IPv6:

 

2025-02-27 14:29:44.434186 ike 0:VPN_1:2731: mode-cfg assigned (8) IPv6 address  

2a03:9330:1:9113::10/128
2025-02-27 14:29:44.434190 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:20::70/128:0
2025-02-27 14:29:44.434192 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:50::6/128:0
2025-02-27 14:29:44.434194 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:50::101/128:0
2025-02-27 14:29:44.434196 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:50::102/128:0
2025-02-27 14:29:44.434198 ike 0:VPN_1:2731: mode-cfg send (10) IPv6 DNS(1) 2a03:9330:1:50::121
2025-02-27 14:29:44.434200 ike 0:VPN_1:2731: mode-cfg send (10) IPv6 DNS(2) 2a03:9330:1:50::122

 

If the tunnel is being configured for the FortiClient and the client does not receive the IPv6, follow the steps outlined in Technical Tip: Not receiving an IPv6 address from Dialup IPsec tunnel on FortiClient.

 

Option 2:

 

Under Log & Report -> System Events -> VPN Events, apply a filter and set 'Remote IP' to the user's public IP address, then look for 'Assigned IP' in the tunnel-up log.

 

Assigned_IP.JPG

 

Option 3:

 

Another option to have the user and the IP address assigned to the tunnel is to run the following commands:

 

For IKEv1:

 

FGT# get vpn ike gateway | grep "xauth-user\|assigned"
xauth-user: guest
assigned IP address: 192.168.225.1/255.255.255.255

 

For IKEv2:

 

FGT # get vpn ike gateway | grep "eap-user\|assigned"
eap-user: guest
assigned IP address: 192.168.225.1/255.255.255.255
1835
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.