0skarprez
New Contributor

2 IPsec connections over one interface

Hello, 

 

I hope you can help me. Recently I was asked to configure another IPsec connection for remote users, with different policies, so I did it and everything worked properly. But I had not noticed that when I created the second IPsec connection, the first one stopped working: users cannot connect to that VPN connection, but the second works perfectly. Once I deleted this second VPN connection, the first one works again. Is it even possible to have 2 different IPsec connections through the same internet interface and IP address? Did I miss something in the configuration?

 

We have a Fortigate 60D with v5.2.7,build718 (GA) OS. I know it is an old one.

 

Thank you for your comments.

Regards

5 REPLIES
rwpatterson
Valued Contributor III

This should work as long as you tighten up the phase 2 selectors. If you have them open to 0.0.0.0, the firewall may have a hard time discerning which one to drive traffic through. I do this all day as do most folks here so I know it works.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

0skarprez

Thank you for your comment. I am not sure how to configure that. This is what I have since I used the VPN wizard, and I think it is exactly what you mentioned.

 

0skarprez

Sorry, here is the image.

rwpatterson
Valued Contributor III

Where it says local and remote subnets, change them to the actual subnets, not leaving them at the wildcard. For example 192.068.1.0/255.255.255.0 instead of all zeros. Do this on both ends of the tunnel.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Toshi_Esumi
SuperUser

If you're trying to set up two dialup/remote access VPNs for two different groups, you need to use "Peer ID/Local ID", discussed below:

https://forum.fortinet.com/tm.aspx?tree=true&m=184280&mpage=1

In the discussion, ShawnZA is referring to the KB below:

https://kb.fortinet.com/kb/documentLink.do?externalID=10114
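
The two suggestions in this thread (set real phase 2 selectors, and give each dialup VPN a peer ID) can be checked offline against a saved configuration. The Python script below is an added example, not code from any poster or from Fortinet; the sample configuration, tunnel names, peer ID and subnets are constructed, and it assumes a selector missing from the config sits at the all-zero default.

```python
import re
# Constructed sample in FortiOS CLI syntax; names, peer ID and subnets are made up.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "vpn-staff"
        set type dynamic
        set interface "wan1"
    next
    edit "vpn-vendors"
        set type dynamic
        set interface "wan1"
        set peertype one
        set peerid "vendors"
    next
end
config vpn ipsec phase2-interface
    edit "vpn-staff-p2"
        set phase1name "vpn-staff"
    next
    edit "vpn-vendors-p2"
        set phase1name "vpn-vendors"
        set src-subnet 10.10.20.0 255.255.255.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
"""
WILDCARD = "0.0.0.0 0.0.0.0"  # assumption: a selector absent from the config is at this default

def parse(text, section):
    """Return {entry name: {setting: value}} for one 'config <section>' block."""
    m = re.search(r"config %s\n(.*?)\nend" % re.escape(section), text, re.S)
    edits = re.findall(r'edit "([^"]+)"\n(.*?)\n\s*next', m.group(1) if m else "", re.S)
    return {n: {k: v.strip().strip('"') for k, v in re.findall(r"set (\S+) (.+)", b)}
            for n, b in edits}

def audit(text):
    """Flag dialup phase 1s that share an interface without a peer ID, and wildcard selectors."""
    findings = []
    p1s = {n: p for n, p in parse(text, "vpn ipsec phase1-interface").items()
           if p.get("type") == "dynamic"}
    for name, p1 in p1s.items():
        shared = [n for n, p in p1s.items() if p.get("interface") == p1.get("interface")]
        if len(shared) > 1 and (p1.get("peertype") != "one" or not p1.get("peerid")):
            findings.append(f"{name}: dialup on {p1.get('interface')} accepts any peer ID")
    for name, p2 in parse(text, "vpn ipsec phase2-interface").items():
        for key in ("src-subnet", "dst-subnet"):
            if p2.get(key, WILDCARD) == WILDCARD:
                findings.append(f"{name}: {key} is the 0.0.0.0 wildcard")
    return findings
```

Calling `audit(SAMPLE)` returns one line per problem; an empty list means every dialup tunnel sharing an interface has its own peer ID and no phase 2 selector is left at the wildcard.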

 
