Technical Tip: IPsec remote access VPN with peer t...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 425516

Description

This article describes how to configure FortiGate and FortiClient when using peer type 'dialup'.

Scope

FortiGate, FortiClient.

Solution

When FortiGate IPsec Remote Access VPN is configured with peer type 'dialup', FortiClient connection will use the user password as pre-shared key and username as Local ID.

Example:

Username: testuser.

User Password: password1.

FortiGate Configuration on CLI:

config vpn ipsec phase1-interface

edit "IPSEC_RA"

set type dynamic

set interface "port1"

set mode aggressive

set peertype dialup --> Peer Type set to 'dialup'.

set net-device disable

set mode-cfg enable

set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

set dhgrp 20 14 5

set xauthtype auto

set authusrgrp "IPSEC_GROUP"

set usrgrp "IPSEC_GROUP" --> User Group should be set.

set ipv4-start-ip 10.10.10.1

set ipv4-end-ip 10.10.10.10

set dns-mode auto

set ipv4-split-include "IPSEC_RA_split"

set save-password enable

end

Note: When 'peertype' is set to 'dialup', the 'psksecret' command will be unavailable.

FortiGate Configuration on GUI:

Screenshot 2026-01-06 172256.png

FortiClient connection configuration:

176

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: IPsec remote access VPN with peer type set to 'dialup'

You are leaving our website