To configure the IPsec dial-up tunnel, follow these KB articles:
Technical Tip: IPsec dial-up full tunnel with FortiClient
Technical Tip: How to configure a FortiGate as IPsec VPN Dial-Up client when FortiGate is not behind...
Once the tunnel is configured, use the IKE debug to check whether the VPN server is assigning the correct client address through the remote access tunnel.
The debug output contains lines like the following samples, which show the IPv4/IPv6 address and DNS assignment sent to the remote VPN client according to the client address configuration.
IPv4:
2025-02-27 14:29:44.434149 ike 0:VPN_1:2731: processed INITIAL-CONTACT
2025-02-27 14:29:44.434167 ike 0:VPN_1:2731: mode-cfg assigned (1) IPv4 address 10.144.113.10
2025-02-27 14:29:44.434169 ike 0:VPN_1:2731: mode-cfg assigned (2) IPv4 netmask 255.255.255.255
2025-02-27 14:29:44.434173 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.6/255.255.255.255:0
2025-02-27 14:29:44.434175 ike 0:VPN_1:2731: mode-cfg send (13) 0:217.173.195.70/255.255.255.255:0
2025-02-27 14:29:44.434177 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.101/255.255.255.255:0
2025-02-27 14:29:44.434179 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.102/255.255.255.255:0
2025-02-27 14:29:44.434183 ike 0:VPN_1:2731: mode-cfg send (3) IPv4 DNS(1) 10.0.66.131
2025-02-27 14:29:44.434184 ike 0:VPN_1:2731: mode-cfg send (3) IPv4 DNS(2) 10.0.66.132
IPv6:
2025-02-27 14:29:44.434186 ike 0:VPN_1:2731: mode-cfg assigned (8) IPv6 address 2a03:9330:1:9113::10/128
2025-02-27 14:29:44.434190 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:20::70/128:0
2025-02-27 14:29:44.434192 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:50::6/128:0
2025-02-27 14:29:44.434194 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:50::101/128:0
2025-02-27 14:29:44.434196 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:50::102/128:0
2025-02-27 14:29:44.434198 ike 0:VPN_1:2731: mode-cfg send (10) IPv6 DNS(1) 2a03:9330:1:50::121
2025-02-27 14:29:44.434200 ike 0:VPN_1:2731: mode-cfg send (10) IPv6 DNS(2) 2a03:9330:1:50::122
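To check a saved IKE debug capture against the address ranges you expect the tunnel to hand out, the mode-cfg lines can be parsed and compared with the configured pools. The following Python is an added example, not part of the original article or any Fortinet tooling; the function names, the field labels (tunnel name, connection id) and the pool ranges are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Sample lines built for this example, in the shape of the debug output above.
SAMPLE = """\
2025-02-27 14:29:44.434167 ike 0:VPN_1:2731: mode-cfg assigned (1) IPv4 address 10.144.113.10
2025-02-27 14:29:44.434173 ike 0:VPN_1:2731: mode-cfg send (13) 0:10.0.50.6/255.255.255.255:0
2025-02-27 14:29:44.434183 ike 0:VPN_1:2731: mode-cfg send (3) IPv4 DNS(1) 10.0.66.131
2025-02-27 14:29:44.434186 ike 0:VPN_1:2731: mode-cfg assigned (8) IPv6 address 2a03:9330:1:9113::10/128
2025-02-27 14:29:44.434190 ike 0:VPN_1:2731: mode-cfg send INTERNAL_IP6_SUBNET 0:2a03:9330:1:20::70/128:0
2025-02-27 14:29:44.434198 ike 0:VPN_1:2731: mode-cfg send (10) IPv6 DNS(1) 2a03:9330:1:50::121
"""

# Layout assumed: "ike <n>:<tunnel name>:<connection id>: mode-cfg <verb> <value>"
LINE = re.compile(r"ike \d+:([^:\s]+):(\d+): mode-cfg (?:assigned|send) (.+)$")
ADDRESS = re.compile(r"\(\d+\) IPv[46] address (\S+)$")
DNS = re.compile(r"\(\d+\) IPv[46] DNS\(\d+\) (\S+)$")
SUBNET = re.compile(r"(?:\(\d+\)|INTERNAL_IP6_SUBNET) 0:(\S+):0$")


def parse_mode_cfg(text):
    """Group mode-cfg values by (tunnel name, connection id)."""
    sessions = defaultdict(lambda: {"address": [], "subnets": [], "dns": []})
    for line in text.splitlines():
        hit = LINE.search(line.rstrip())
        if not hit:
            continue  # not a mode-cfg line
        entry, rest = sessions[(hit[1], int(hit[2]))], hit[3]
        if m := ADDRESS.match(rest):
            entry["address"].append(ipaddress.ip_interface(m[1]).ip)
        elif m := DNS.match(rest):
            entry["dns"].append(ipaddress.ip_address(m[1]))
        elif m := SUBNET.match(rest):
            entry["subnets"].append(ipaddress.ip_network(m[1], strict=False))
    return dict(sessions)


def addresses_outside_pools(sessions, pools):
    """Return (tunnel, connection id, address) for leases outside the pools."""
    nets = [ipaddress.ip_network(p) for p in pools]
    return [(t, c, a) for (t, c), e in sessions.items()
            for a in e["address"] if not any(a in n for n in nets)]


if __name__ == "__main__":
    pools = ["10.144.113.0/24", "2a03:9330:1:9113::/64"]  # assumed pool ranges
    print(addresses_outside_pools(parse_mode_cfg(SAMPLE), pools))
```

An empty result means every assigned address fell inside one of the expected ranges; replace the assumed pools with the ranges configured on the tunnel.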
If the tunnel is configured for FortiClient and the client does not receive an IPv6 address, follow this article: Technical Tip: Not receiving an IPv6 address from Dialup IPsec tunnel on FortiClient
Another way to see the user and the IP address assigned to the tunnel is:
get vpn ike gateway | grep "eap-user\|assigned"