Raffael_Hotz
New Contributor

2 VPN Dial-Up FGT connects to same VPN interface

Hello all,

I have a strange thing going on here and I cannot help myself and need some help. I have my main FGT where I want to connect 2 DialUp FGTs. I have 2 different Dial-Up VPNs on my main with 2 different tunnel interfaces with different IPs and destinations. The DialUp FGTs have the right tunnel IP and destination tunnel IP... Both DialUp come with another public IP but in the end both end up in the same VPN like VPN-Tunnel1_0 and VPN-Tunnel_1 but DialUp 2 should use VPN-Tunnel2 of course.

There is no static routing, everything is done by OSPF.

What is even more strange, until last night it worked.

 

I have no clue why it changed. I tried to set Peer-ID but they just use the first VPN Tunnel interface. Is there anything I may have changed or am I missing something?

Thanks

Raffa

Raffael_Hotz
New Contributor

well - it looks like they cannot have the same psk.

problem solved

jorge_americo
Contributor

NSE-4
jorge_americo

All right

my screen was out of date, good job

 

NSE-4
sw2090
Honored Contributor

looks somehow mixed up.

DialUp is tied to an interface on the FGT but does not have a defined remote end.

If you have more than one dial up tied to the same interface you have to give the FGT a way to find the correct one.

This can be done using unique p1/p2 proposals, limiting the ipsec to a specific peerid or even a unique psk.

Otherwise an incoming connection will not match any or will match some wrong ipsec and in consequence will fail.

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
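
The ambiguity discussed in this thread can be checked for in a configuration export. The following is an added example, not code from any poster or from Fortinet: it groups dial-up phase 1 entries that share an interface, proposal and peer ID restriction. The sample config, the interface name `wan1` and the peer ID are constructed, and PSKs are not compared on the assumption that exports store them encrypted.

```python
import re
from collections import defaultdict
# Constructed sample in FortiOS CLI syntax; interface name and peer ID are made up.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "VPN-Tunnel1"
        set type dynamic
        set interface "wan1"
        set proposal aes256-sha256
    next
    edit "VPN-Tunnel2"
        set type dynamic
        set interface "wan1"
        set proposal aes256-sha256
    next
    edit "VPN-Tunnel3"
        set type dynamic
        set interface "wan1"
        set peertype one
        set peerid "branch3"
        set proposal aes256-sha256
    next
end
"""

def parse_phase1(text):
    """Return {tunnel: {option: value}} from the phase1-interface table."""
    tunnels, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("config "):  # depth 1 = phase1 table, deeper = sub-tables
            depth = depth + 1 if depth else int(line == "config vpn ipsec phase1-interface")
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = tunnels.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return tunnels

def ambiguous_dialups(tunnels):
    """Return groups of dial-up tunnels with nothing to tell incoming peers apart."""
    groups = defaultdict(list)
    for name, opts in tunnels.items():
        if opts.get("type") != "dynamic":  # only dial-up (no fixed remote gateway)
            continue
        # A peer ID only narrows the match when peertype restricts to one ID.
        peer = opts.get("peerid") if opts.get("peertype") == "one" else None
        groups[(opts.get("interface"), opts.get("proposal"), peer)].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)
```

Calling `ambiguous_dialups(parse_phase1(SAMPLE))` reports VPN-Tunnel1 and VPN-Tunnel2 as one indistinguishable group, while VPN-Tunnel3 is kept apart by its peer ID.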
