Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Yurisk
Valued Contributor

VPN IPsec dialup peertype - how to use

Good day everyone,

I am trying to understand how and what for to use peertype dialup settings in Phase1 interface mode for IPSec VPN client connections. The documentation just lists this option, Google tells contradicting stories. I tried just for luck using Firewall group with local users  (setting via set usrgrp) - could not connect with any of them (Authentication failed), while using the same user group but peertype any works fine. 

 

That is what I mean:

(phase1-interface) # edit FCtun0

(FCtun0) # set peertype any Accept any peer ID. one Accept this peer ID. dialup Accept peer ID in dialup group.

 

Thanks.

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
3 REPLIES 3
citromkolbasz
New Contributor

Have you found anything about this option in the official forti documentation? Or do you know the answer now?

sw2090
Honored Contributor

peertype any will accept any peer id you submit upon dialling in. It will even accept an empty peer id.

one peerid will only accept this one specific peer id upon dialling in. You will only be able to dial in if you submit the correct peer id.

 

dialup probably allows you to enter some grup and put peers in there to have more then one bt not any :)


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

sw2090
Honored Contributor

peertype any will accept any peer id you submit upon dialling in. It will even accept an empty peer id.

one peerid will only accept this one specific peer id upon dialling in. You will only be able to dial in if you submit the correct peer id.

 

dialup probably allows you to enter some grup and put peers in there to have more then one bt not any :)


-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams