I have a gate that is a spoke in an ADVPN config where each IPsec tunnel has a different network-id to differentiate them. I want to be able to use this same spoke as a hub for IKEv2 remote access FortiClients. After a lot of testing I believe I narrowed down the issue: the gate won’t find a matching proposal from the FortiClient due to the need for a network-id on the gate, but FortiClient doesn’t have that config option. It doesn’t seem to exist in EMS either.
Has anyone tried something similar? I feel like there’s an obscure setting in the phase 1 that would make this work.
For multiple dial-up VPNs, you need to use peer ID and local ID. The peer ID is configured on the IPsec tunnel working as the dial-up server, and the local ID needs to be configured on FortiClient or on the IPsec tunnel working as the dial-up client. Please refer to the following documents for more details: