Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
benny7
New Contributor

IPsec VPNs

I have a gate that is a spoke in an ADVPN config where each IPSec tunnel has different network-id to differentiate them. I want to be able to use this same spoke as a hub for ikev2 remote access forticlients. After a lot of testing I believe I narrowed down the issue where the gate won’t find a matching proposal from the forticlient due to the need for a network-id on the gate but forticlient doesn’t have that config option. It doesn’t seem to exist in EMS either.

Has anyone tried something similar? I feel like there’s an obscure setting in the phase 1 that would make this work.

https://xender.vip/
2 REPLIES 2
v_ceban
Staff
Staff

Hello Benny,

For FortiClient connections, you can use the peer ID. This feature is available on both FGT and FortiClient EMS, and it will allow FortiClient to connect to the correct dial-up tunnel.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPSec-dia...

Best regards,

Vladislav Ceban
mle2802
Staff
Staff

Hi @benny7,

For multiple dial-up VPN, you need to use peerID and localID. Peer ID is configured on IPsec tunnel work as Dial-up Server and local ID need to be configured on FortiClient or IPsec tunnel work as Dial-up client. Please refer to the following documents for more details:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-of-PeerID-and-LocalID-in-IPsec-VPN-bet...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-Peer-IDs-to-select-an-IPSec-dia...

Regards,
Minh

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors