sha-1_FTNT (Staff)
Created on 06-28-2018 05:41 AM
Edited on 11-04-2024 11:14 AM by Stephen_G
Article Id 193618
Description
This article describes a new behavior for route-based IPsec dialup tunnels, implemented as of FortiOS 5.6.3 and 6.0.
As of FortiOS 6.2.1, this behavior is also implemented for ADVPN shortcuts.
Scope
Dialup phase1:
- FortiOS 5.6.3 and above.
- FortiOS 6.0 and above.
- This option is removed from FortiOS 7.0.0 and above.
Static phase1 (for ADVPN shortcuts):
- FortiOS 6.2.1 and above.
- This option is removed from FortiOS 7.0.0 and above.
Solution
This behavior is controlled by two new CLI settings:
config vpn ipsec phase1-interface
    edit <ph1-name>
        set type { dynamic | static }
        set net-device { disable* | enable }
        set tunnel-search { selectors* | nexthop }
        ( ... )
end
These settings and the corresponding behaviors are detailed in the PDF file available in the Attachments section.
Note: Versions 6.0 up to 6.4 are out of engineering support. If these commands do not work, look for a more recent guide covering newer versions such as 7.0 and above. Check the upgrade path and compatibility of the device based on the hardware here: Upgrade Path Tool Table.
Related articles:
- Troubleshooting Tip: Troubleshooting IPsec Site-to-Site Tunnel Connectivity
- Technical Tip: How to configure VPN Site to Site between FortiGates (Using VPN Setup Wizard)
- Troubleshooting Tip: IPsec VPNs tunnels
- Technical Tip: Setting multiple DNS server for IPSec dial-up VPN
- Technical Tip: NAT-traversal comparison between site-to-site and dial-up "dynamic" tunnels
- Technical Tip: FortiGate Hub with multiple IPSec Dial-up phase1 using IKEv2 and PSK authentication
- Technical Tip: How to configure multiple VPN tunnels from the same ISP to the same remote peer ISP.
- Technical Tip: IPSec dial-up full tunnel with FortiClient
- Technical Tip: Differences between Aggressive and Main mode in IPSec VPN configurations
- Technical Note: Dynamic routing (BGP) over IPsec tunnel
- Technical Tip: OSPF with IPSec VPN for network redundancy
- Technical Tip: Dynamic dial-up VPN with OSPF
- Technical Tip: Fortinet Auto Discovery VPN (ADVPN)
- Technical Tip: Simple OCVPN deployment
- Technical Tip: SD-WAN integration with OCVPN
- Technical Tip: Configure IPsec VPN with SD-WAN
- Technical Tip: SD-WAN with DDNS type IPsec
- Technical Tip: SD-WAN primary and backup ipsec tunnel Scenario
- Troubleshooting Tip: IPsec VPN Phase 1 Process - Aggressive Mode
- Technical Note: Configuring more than one Main-Mode Pre-Shared Key (PSK) *dialup* IPSec phase1 on a...
- Technical Tip: How to configure IPsec VPN Tunnel using IKE v2
- Technical Tip: Hard timeout for Dialup IPSEC VPN Tunnel