Route-overlap allow command fails
Hi
I'm trying to allow multiple IPSec dial-up connections from the same source IP, and I found help here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Allowing-multiple-IPSec-dial-up-connection...
My problem is that I get an error when I try to set the "route-overlap allow" command. It just says "unknown action 0".
I have a FortiGate 60F with firmware v7.4.3.
Regards Thomas Barnes
Can you confirm if you have configured "set net-device enable" under phase1? If not, please try the below:
1. Configure "set net-device enable" under phase1.
2. Change route-overlap to allow under phase2.
3. Disable net-device again under phase1.
Suraj
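The three steps in the reply above, written out as FortiOS CLI with the configuration contexts each `set` command belongs to. This is an added example, not part of the original thread; `DIALUP_P1` and `DIALUP_P2` are placeholder names for the tunnel's phase1 and phase2 entries.

```fortios
# Added example; DIALUP_P1 and DIALUP_P2 are placeholder names for the
# dial-up tunnel's phase1 and phase2 entries, not values from the thread.

# Step 1: enable net-device on the phase1 interface.
config vpn ipsec phase1-interface
    edit "DIALUP_P1"
        set net-device enable
    next
end

# Step 2: allow overlapping routes on the matching phase2 entry.
config vpn ipsec phase2-interface
    edit "DIALUP_P2"
        set route-overlap allow
    next
end

# Step 3: turn net-device off again on phase1.
config vpn ipsec phase1-interface
    edit "DIALUP_P1"
        set net-device disable
    next
end
```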
Hello Suraj
Yes, I can confirm that I did the "set net-device enable" first.
You can see I'm a bit unsure about the "set" command. If I write exactly as suggested from the Fortinet homepage, I get another error.
Regards Thomas Barnes
Created on ‎03-28-2024 03:52 AM Edited on ‎03-28-2024 03:55 AM
Hello @PCBarnes ,
Your VPN type is dial-up, right?
Because this command only runs with the dial-up tunnel type.
NSE 4-5-6-7 OT Sec - ENT FW
Yes, it is a dial-up tunnel type.
The VPN connection is created using the "IPsec Wizard". It is set up as shown in the picture.
Hello @PCBarnes ,
It's interesting, I tried with your settings in my lab environment. The command does not work like yours.
Also, I have a dial-up tunnel configuration (FortiClient). In this type, the command is working.
Can you try it like that?
NSE 4-5-6-7 OT Sec - ENT FW
I'm sure I could make it work with the FortiClient, if you can.
My problem is just that my customer doesn't have FortiClient software, and the Windows built-in VPN software works fine. It is only with a married couple who work for my customer that they have problems, when the couple works from home at the same time on separate laptops. Here it is "first come, first served"!
So, is there a workaround for this?
Hello @PCBarnes ,
I understand your concern. In my opinion, this feature does not work with the L2TP tunnel.
I tried all of the tunnel types; this command works with IOS and FortiClient. But the Android and Windows tunnel types use the L2TP type. I think that is why this command does not work.
Maybe you can try this. Create a dial-up tunnel with the IOS type. After that, try to connect to this tunnel with a Windows machine.
NSE 4-5-6-7 OT Sec - ENT FW
Thank you, I'll give it a try!
Best regards Thomas Barnes
