Hello all,
I have a strange thing going on here and I cannot help myself and need some help. I have my main FGT where I want to connect 2 DialUp FGTs. I have 2 different Dial-Up VPNs on my main with 2 different tunnel interfaces with different IPs and destinations. The DialUp FGTs have the right tunnel IP and destination tunnel IP... Both DialUps come with another public IP, but in the end both end up in the same VPN, like VPN-Tunnel1_0 and VPN-Tunnel_1, but DialUp 2 should use VPN-Tunnel2 of course.
There is no static routing, everything is done by OSPF.
What is even more strange, until last night it worked.
I have no clue why it changed. I tried to set Peer-ID but they just use the first VPN Tunnel interface. Is there anything I may have changed or am I missing something?
Thanks
Raffa
Well, it looks like they cannot have the same PSK.
Problem solved.
All right,
my screen was out of date, good job
NSE-4
Looks somehow mixed up.
DialUp is tied to an interface on the FGT but does not have a defined remote end.
If you have more than one dial-up tied to the same interface you have to give the FGT a way to find the correct one.
This can be done using unique p1/p2 proposals, limiting the IPsec to a specific peer ID or even a unique PSK.
Otherwise an incoming connection will not match any or will match some wrong IPsec and in consequence will fail.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
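The peer-ID approach from the reply above, sketched as a FortiOS configuration. This is an added example, not a config posted by anyone in the thread; the `wan1` interface, the `to-main` tunnel name, the peer ID strings and the bracketed placeholders are assumptions.

```fortios
# Hub (main FGT): two dial-up phase1 entries bound to the same interface.
# Peer-ID matching with a PSK needs IKEv1 aggressive mode: in main mode the
# peer's ID arrives encrypted under a key derived from the PSK, so the hub
# has to choose the gateway (and its PSK) before it can read the ID.
config vpn ipsec phase1-interface
    edit "VPN-Tunnel1"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "dialup-site1"
        set psksecret <psk-for-site1>
    next
    edit "VPN-Tunnel2"
        set type dynamic
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set peertype one
        set peerid "dialup-site2"
        set psksecret <psk-for-site2>
    next
end

# Dial-up FGT 1: send the ID the hub expects for VPN-Tunnel1.
# Dial-up FGT 2 is the same with localid "dialup-site2" and its own PSK.
config vpn ipsec phase1-interface
    edit "to-main"
        set interface "wan1"
        set ike-version 1
        set mode aggressive
        set remote-gw <main-fgt-public-ip>
        set localid "dialup-site1"
        set psksecret <psk-for-site1>
    next
end
```

On the hub, `diagnose vpn ike gateway list` shows which phase1 each dial-up peer was matched to.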