Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
iamirreza13
New Contributor II

Created on ‎05-10-2025 10:52 PM

Configuring IPSec IKEv2 tunnel for dial up connection

Hi


I'm trying to setup IKEv2 tunnels for my remote access users. on IKEv1 i could assign tunnels to a user groups but when i change it to IKEv2, I can't find anywhere to assign the tunnel to a group. I'm using LDAP for user Authentication. how am i supposed to handle this?

Regards

.
.
Labels:
582
0 Kudos
1 Solution
ebilcari
Staff
Staff
In response to iamirreza13

Created on ‎05-11-2025 05:18 AM

This limitation is explained on these articles:

Technical Tip: IKEv2 tunnel fails when LDAP based usergroup is used for EAP

Troubleshooting Tip: Using IKEv2 for a dial-up IPsec tunnel with a RADIUS server and Local user

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

524
4 REPLIES 4
sjoshi
Staff
Staff

Created on ‎05-10-2025 11:41 PM

Hi,

Can you share the snap where you are exactly not able to assign the group.

Share both working and non working snap for ikev1 and ikev2

If you have found a solution, please like and accept it to make it easily accessible to others.
Fortinet Certified Expert (FCX) | #NSE8-003459
Salon Raj Joshi
576
iamirreza13
New Contributor II

Created on ‎05-11-2025 03:46 AM

Hi, thanks for the reply
this is the IKEv1 setting but when i change the version to IKEv2, this section disappears cause IKEv2 doesn't work with XAUTH, but no option for EAP appears either. i think it's only configurable via CLI, but i guess you can only use the EAP with RADIUS server and you can't do it with LDAP. Do you have any insight or solution about configuring this with LDAP?

ikev1.png

.
.
545
0 Kudos
iamirreza13
New Contributor II
In response to iamirreza13

Created on ‎05-11-2025 04:57 AM

I've tried and did the configs via CLA and it works but only for local users and i assume RADIUS users, but it did not work with LDAP users. any suggestions?

.
.
529
0 Kudos
ebilcari
Staff
Staff
In response to iamirreza13

Created on ‎05-11-2025 05:18 AM

This limitation is explained on these articles:

Technical Tip: IKEv2 tunnel fails when LDAP based usergroup is used for EAP

Troubleshooting Tip: Using IKEv2 for a dial-up IPsec tunnel with a RADIUS server and Local user

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
525
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.