I have a 2x FG100D running 5.4.3 and configured with a site-to-site IPSEC VPN tunnel via the wizard that works without issue. My problem is I also want to add DialupVPN access for remote users. I understand I need to use PEER ID and have made several attempts using the wizard and custom tunnel setups to make this work. Unfortunately I have not been successful.
If I set up a dialupVPN using the wizard, I have to go to the CLI to change the Peertype and peerid, since changing the wizard-based tunnel to custom won't let me save because it is looking for an IPV6 DNS server. However, I have no issues setting the peertype to one and ID to 1001 in the CLI.
I then try to change the point-to-point tunnel via the CLI and the peertype is set to ANY - which I cannot change. So, all of my VPN client attempts fail with a mismatched preshare key (to name a few).
First question - can I even do this - have a point-to-point IPSEC full-time tunnel with a handful of remote access users accessing the LAN?
If so, is there some general guidance on how to do this? I would post configs, but I have deleted them each time I fail, hoping starting fresh will shed new light. However, this is not working.
Thanks in advance for any input/assistance you can offer.