I have a gate that is a spoke in an ADVPN config where each IPSec tunnel has different network-id to differentiate them. I want to be able to use this same spoke as a hub for ikev2 remote access forticlients. After a lot of testing I believe I narrowed down the issue where the gate won’t find a matching proposal from the forticlient due to the need for a network-id on the gate but forticlient doesn’t have that config option. It doesn’t seem to exist in EMS either.
Has anyone tried something similar? I feel like there’s an obscure setting in the phase 1 that would make this work.
Hello Benny,
For FortiClient connections, you can use the peer ID. This feature is available on both FGT and FortiClient EMS, and it will allow FortiClient to connect to the correct dial-up tunnel.
Best regards,
Hi @benny7,
For multiple dial-up VPN, you need to use peerID and localID. Peer ID is configured on IPsec tunnel work as Dial-up Server and local ID need to be configured on FortiClient or IPsec tunnel work as Dial-up client. Please refer to the following documents for more details:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-of-PeerID-and-LocalID-in-IPsec-VPN-bet...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPSec-dia...
Regards,
Minh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.