kajlasunil
Staff
Article Id 391081
Description This article explains how to get the Remote IPsec user IP address, which can be used by the network admin for analysis purposes.
Scope FortiOS.
Solution

Unlike for SSL VPN users, the FortiOS GUI does not show the IP address assigned to a remote IPsec user.

To find the tunnel address, follow these steps.

  1. Go to Dashboard -> Network -> IPsec and select 'click to expand' on the widget.
  2. Note down the IPsec tunnel name that corresponds to the user.
  3. Use the following command to find the assigned IP address.

FGT # diagnose vpn ike gateway list name IPSECDAILUP_0

vd: root/0
name: IPSECDAILUP_0
version: 1
interface: wan1 5
addr: 10.0.0.250:4500 -> x.x.x.x:4501
tun_id: x.x.x.x/::10.0.0.6
remote_location: 0.0.0.0
network-id: 0
transport: UDP
virtual-interface-addr: local: 172.16.1.100
virtual-interface-addr: remote: 172.16.1.100
created: 68s ago
xauth-user: test
2FA: no
peer-id: 192.0.0.4
peer-id-auth: no
FortiClient UID: 4D0A595658440B50010E025401563365
assigned IPv4 address: 10.10.20.1/255.255.255.255
nat: me peer
pending-queue: 0
IKE SA: created 1/1 established 1/1 time 50/50/50 ms
IPsec SA: created 1/1 established 1/1 time 60/60/60 ms

id/spi: 23459 dc08a8ec9ff5e9ba/07c54bd3cfe7fbbb
direction: responder
status: established 68-68s ago = 50ms
proposal: aes128-sha1
key: af8955527f5f0d8f-0f28ac9c14bbe089
QKD: no
PQC-KEM (IKE): no
PQC-KEM (all IPsec): no
lifetime/rekey: 28800/28461
DPD sent/recv: 00000000/000009fd
peer-id: 192.0.0.4
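
To correlate firewall or server logs with a VPN account, it helps to map every connected dial-up user to its assigned address at once. The Python below is an added example, not part of the original article or of any Fortinet tooling; it assumes that running the command without the name filter prints each gateway starting at a `vd:` line, and the sample input is constructed.

```python
import ipaddress

# Constructed sample: two gateways in the 'key: value' layout shown above,
# trimmed to the fields used here. Names and addresses are made up.
SAMPLE = """\
vd: root/0
name: IPSECDAILUP_0
addr: 10.0.0.250:4500 -> 198.51.100.7:4501
xauth-user: test
peer-id: 192.0.0.4
assigned IPv4 address: 10.10.20.1/255.255.255.255

id/spi: 23459 dc08a8ec9ff5e9ba/07c54bd3cfe7fbbb
peer-id: 192.0.0.4

vd: root/0
name: site-to-site
addr: 10.0.0.250:500 -> 203.0.113.9:500
peer-id: 203.0.113.9
"""


def parse_gateways(text):
    """Return one dict per gateway; a 'vd:' line starts a new gateway (assumption)."""
    gateways = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # blank line or a line that is not 'key: value'
        if key == "vd":
            gateways.append({})
        if gateways:
            # Keys such as peer-id repeat in the SA section; keep the first one.
            gateways[-1].setdefault(key, value)
    return gateways


def user_ip_map(text):
    """Return (tunnel, xauth user, assigned IP, public peer IP) per dial-up user."""
    rows = []
    for gw in parse_gateways(text):
        assigned = gw.get("assigned IPv4 address")
        if assigned is None:
            continue  # no assigned address, e.g. a site-to-site tunnel
        ip = ipaddress.ip_interface(assigned).ip  # accepts addr/dotted-netmask
        peer = gw.get("addr", "").partition(" -> ")[2].rsplit(":", 1)[0]
        rows.append((gw.get("name"), gw.get("xauth-user"), str(ip), peer))
    return rows


if __name__ == "__main__":
    for row in user_ip_map(SAMPLE):
        print(*row, sep="\t")
```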

 

Method 2:

The assigned IP address is also shown under Log & Report -> System Events -> VPN Events.