PCBarnes
New Contributor

Route-overlap allow command fails

Hi

I'm trying to allow multiple IPSec dial-up connections from the same source IP, and I found help here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Allowing-multiple-IPSec-dial-up-connection...

My problem is that I get an error when I try to set the "route-overlap allow" command. It just says "unknown action 0".

I have a FortiGate 60F with firmware v7.4.3.

Regards Thomas Barnes

srajeswaran
Staff

Can you confirm if you have configured "set net-device enable" under phase1? If not, please try the below:

1. Configure "set net-device enable" under phase1.
2. Change route-overlap to allow under phase2.
3. Disable net-device again under phase1.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
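
An added example (not part of the thread and not Fortinet's code): a Python check over a saved FortiOS configuration that lists each dial-up phase1 with its net-device setting and the route-overlap value of its phase2 entries, the two settings named in the steps above. The sample configuration and tunnel names are constructed, and an option absent from the file is reported as "not set".

```python
SAMPLE_CONFIG = '''
config vpn ipsec phase1-interface
    edit "dialup-a"
        set type dynamic
        set net-device enable
    next
    edit "dialup-b"
        set type dynamic
    next
    edit "site-x"
        set type static
    next
end
config vpn ipsec phase2-interface
    edit "dialup-a-p2"
        set phase1name "dialup-a"
        set route-overlap allow
    next
    edit "dialup-b-p2"
        set phase1name "dialup-b"
    next
end
'''  # constructed sample; tunnel names are made up

def parse_section(config, section):
    """Return {entry: {option: value}} for one top-level 'config <section>' block."""
    entries, current, inside = {}, None, False
    for raw in config.splitlines():
        words = raw.split()
        if raw.strip() == f"config {section}":
            inside = True
        elif not inside or not words:
            continue
        elif words[0] == "edit" and len(words) > 1:
            current = entries.setdefault(words[1].strip('"'), {})
        elif words[0] == "set" and current is not None and len(words) > 2:
            current[words[1]] = " ".join(words[2:]).strip('"')
        elif words[0] == "next":
            current = None
        elif words[0] == "end" and current is None:
            inside = False
    return entries

def audit_dialup(config):
    """Per dial-up (type dynamic) phase1: net-device and phase2 route-overlap values."""
    p1, p2 = (parse_section(config, f"vpn ipsec phase{i}-interface") for i in (1, 2))
    return {name: {"net-device": opts.get("net-device", "not set"),
                   "route-overlap": {n: o.get("route-overlap", "not set")
                                     for n, o in p2.items() if o.get("phase1name") == name}}
            for name, opts in p1.items() if opts.get("type") == "dynamic"}
```
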
PCBarnes

Hello Suraj

Yes, I can confirm that I did the "set net-device enable" first.

You can see, I'm a bit unsure about the "set" command. If I write exactly as suggested from the Fortinet homepage, I get another error.

Regards Thomas Barnes

Route-overlap error.png

ozkanaltas
Valued Contributor III

Hello @PCBarnes ,

Your VPN type is dial-up, right?

Because this command only runs with the dial-up tunnel type.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
PCBarnes

Yes, it is a dial-up tunnel type.

PCBarnes

The VPN connection is created using the "IPsec Wizard". It is set up as shown in the picture.

VPN.png

ozkanaltas
Valued Contributor III

Hello @PCBarnes ,

It's interesting, I tried with your settings in my lab environment. The command does not work like yours.

Also, I have a dial-up tunnel configuration (FortiClient). In this type, the command is working.

Can you try it like that?

image.png

PCBarnes

I'm sure I could make it work with the FortiClient, if you can.

My problem is just that my customer doesn't have FortiClient software, and the Windows built-in VPN software works fine. It is only with a married couple who work for my customer that they have problems, when the couple works from home at the same time on separate laptops. Here it is "first come, first served"!

So, is there a workaround for this?

ozkanaltas
Valued Contributor III

Hello @PCBarnes ,

I understand your concern. In my opinion, this feature does not work with the L2TP tunnel.

I tried all of the tunnel types; this command works with iOS and FortiClient. But the Android and Windows tunnel types use the L2TP type. I think that is why this command does not work.

Maybe you can try this. Create a dial-up tunnel with the iOS type. After that, try to connect to this tunnel with a Windows machine.

PCBarnes

Thank you, I'll give it a try!

Best regards Thomas Barnes
