Created IPsec VPN tunnel, only first connection provides routing others routing fail
Hello,
A little background first:
Running 100D v6.2.5 Build1142, Client running 6.4.2.1580
I have taken over from a previous IT provider and they had 1 IPsec tunnel created. They shared the pre-shared key but it didn't seem to work when setting up 3 new laptops for the office.
They primarily want to VPN, run RDP and access QuickBooks from their desktops. The one original user has done this for years.
I created a new IPsec tunnel modeled after what was in the FortiGate configuration, created a new IP range and also attempted to use the existing one.
I am able to connect with the new tunnel and RDP as expected, and can also ping any machine on the network.
When I attempt to connect laptops 2 and 3, they will connect to the tunnel but I have no routing to allow me to RDP or ping any local machine.
I am not sure if I am missing something in the config as I have attempted to use the existing IP address range with same results.
I am not fluent in FortiGate, having used and managed it 4 years ago.
If anyone has any suggestions on what I might be missing it would be greatly appreciated.
As a last resort, I would create a direct RDP to each machine using a customized (not 3389) port. This is already currently set up for remote RDP into the server, so that would be a simple setup if the VPN issue isn't resolved.
Thanks much Forum for your assistance
Dwayne
I'm afraid this is not enough information to provide an answer.
Why did you create a second VPN in the first place (no pun intended)? Is the 'original' VPN still active?
If I'd set up a VPN for multiple clients, it would be a single, dial-in IPsec VPN. Each user would create a distinct VPN tunnel ("tunnelname_0"..."tunnelname_1" etc.). One policy would allow traffic into the LAN.
I believe there must be numerous recipes and examples for this in either the Handbook or the Cookbook, available on docs.fortinet.com.
Ede,
I created a second tunnel because the pre-shared key that was given to me did not work when setting up another user's laptop.
I didn't want to "break" what the other user had, so I created another tunnel.
I did find yesterday that NAT traversal needed to be set (comparing to the original tunnel spec) and everything seems to be working fine after that change was made. I decided to use the same IP addressing scheme as the original tunnel to make sure I wasn't introducing any new routing table issues.
Appreciate your feedback and I'm glad people are reading and helping where they can
Dwayne
