Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
arie_arie
New Contributor III

Extending Subnet Mask in Dial-Up VPN IPSec

Hi,

I want to know what are the impacts to existing dial-up clients when I extend/expand the netmask (say from 255.255.255.0 to 255.255.252.0) in dynamic Dial-Up VPN IPSec on the Hub?

Maybe someone can give insight about this.

 

Thank you

Ari

1 Solution
hbac
Staff
Staff

Hi @arie_arie,

 

I tested in my lab and existing dialup client shouldn't get disconnected. However, if you have an address object for dialup VPN subnet in the static route or firewall policy, you will need to change its subnet mask as well. 

 

Regards, 

View solution in original post

5 REPLIES 5
AEK
SuperUser
SuperUser

Hi

I don't see any impact.

AEK
AEK
arie_arie
New Contributor III

Hi,

Will the existing established dialup client do re-establish tunnel after I change the netmask on the hub?

 

Thank you

AEK

Hi

Theoretically I don't see an impact (they still connected), but always a good idea to try it with a test VPN.

AEK
AEK
hbac
Staff
Staff

Hi @arie_arie,

 

I tested in my lab and existing dialup client shouldn't get disconnected. However, if you have an address object for dialup VPN subnet in the static route or firewall policy, you will need to change its subnet mask as well. 

 

Regards, 

arie_arie
New Contributor III

Hi,

 

Thank you for the test result.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors