This article describes how to use Peer IDs to select an IPsec dialup tunnel on a FortiGate configured with multiple dialup tunnels.
Dialup VPN tunnels are used when the remote VPN gateway or remote VPN client IP address is dynamic and therefore unknown.
Many customers use a single dialup tunnel (Phase 1 and Phase 2) for all remote dialup VPN gateways and clients.
In some cases, multiple dialup tunnels are required:
To grant different remote VPN client users access to different networks and services.
To grant remote VPN gateways access to different networks and services.
FortiGate uses the Peer ID as the unique identifier to select a dialup tunnel. When multiple dialup tunnels are added, give each tunnel a different Peer ID.
Assign corresponding Peer IDs to remote VPN gateways and remote VPN clients.
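A sketch of the setup described above, added here as an example and not taken from the article: two dialup Phase 1 definitions on the hub FortiGate, each with its own Peer ID, and the matching local ID on one remote FortiGate. The tunnel names, the interface `wan1`, the Peer ID strings, the proposal, and the address and key placeholders are all assumptions.

```fortios
# Hub FortiGate: two dialup tunnels on the same interface,
# told apart only by the Peer ID each one accepts.
config vpn ipsec phase1-interface
    edit "dial-staff"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "staff"
        set proposal aes256-sha256
        set psksecret <psk-for-staff-tunnel>
    next
    edit "dial-branch"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "branch"
        set proposal aes256-sha256
        set psksecret <psk-for-branch-tunnel>
    next
end

# Remote FortiGate that must land on "dial-branch":
# its local ID has to equal the Peer ID set on that hub tunnel.
config vpn ipsec phase1-interface
    edit "to-hub"
        set type static
        set interface "wan1"
        set remote-gw <hub-public-ip>
        set ike-version 1
        set mode aggressive
        set localid "branch"
        set proposal aes256-sha256
        set psksecret <psk-for-branch-tunnel>
    next
end
```

In IKEv1 aggressive mode the ID is sent unencrypted, so treat the Peer ID as a selector rather than a secret and give each tunnel its own strong pre-shared key.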
When the IPsec tunnel is created by the wizard, there is no GUI option to add a Peer ID. To add a Peer ID to an IPsec tunnel created by the wizard, there are 2 options:
Aggressive mode configuration: