Hi
I'm trying to create 2 different Dialup VPN (ios Native) with different user group and different IP range
so one VPN will only access a web server and the other VPN will have full control over the network
for now it seems that i can only creat one VPN the users that trying to connect to the second VPN gets Negotiation Failed.
what is the correct way for doing that?
Is there any way to do so with one VPN?
Solved! Go to Solution.
Similar discussion was here:
https://forum.fortinet.com/tm.aspx?m=111123
You need to backup the config and modify it. But it's talking about "local ID" instead in the thread. But it should be exactly the same. My saved config shows like below because I don't have any id configured:
<ipsecvpn>
....
<connections>
<connection>
.....
<localid />
<peerid />
....
So you can insert like
<peerid>PEER_NAME</peerid>
Then restore the config to the client.
I've never seen it in FortiClient's GUI menu. I'm not sure it's configurable in iPhone and Android phone app. For those devices, SSL VPN is more common, which is dial-up by nature and also you can use either LDAP server or Realms to separate user groups to apply different policies. Lots of discussions about SSL VPN in this forum you can refer to.
If it's IPSec vpn and the client side can be configured with "peer id" or "server id", you can set "local id" on the Fortigate side at the phase1-interfaces. Otherwise you need to separate them by VDOMs.
Exactly, use peerIDs to seperate VPNs. This is well documented in the Admin Guide or the Cookbook (I think...). FortiClient should support peerID even on iOS.
Hello I would like your help regarding two vpn dialup in the same interface, if I set up a local Id the Fortigate in Forticlient I do not see any peer id option, the only thing I could do to work for me was to allow an id xxx in fortigate and in the forticlient configure in local id xxx, or that another option exists. Thank you
Similar discussion was here:
https://forum.fortinet.com/tm.aspx?m=111123
You need to backup the config and modify it. But it's talking about "local ID" instead in the thread. But it should be exactly the same. My saved config shows like below because I don't have any id configured:
<ipsecvpn>
....
<connections>
<connection>
.....
<localid />
<peerid />
....
So you can insert like
<peerid>PEER_NAME</peerid>
Then restore the config to the client.
Hello, thanks for the answer, take a backup to the configuration of the forticlient, make the modification and I will do tests, but one more doubt in any version is it possible to add it without editing the backup? and the peer id in ios and android if it is visible in forticlient? Thank you
I've never seen it in FortiClient's GUI menu. I'm not sure it's configurable in iPhone and Android phone app. For those devices, SSL VPN is more common, which is dial-up by nature and also you can use either LDAP server or Realms to separate user groups to apply different policies. Lots of discussions about SSL VPN in this forum you can refer to.
Thanks, not to make the issue cumbersome I decided to allow in the fortigate a peer id and in forticlient configure the local id, with it the tests came out Ok
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.