Hi
I'm trying to allow multiple IPSec dial-up connections from the same source IP, and I found help here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Allowing-multiple-IPSec-dial-up-connection...
My problem is, that I get an error, when I try to set the "route-overlap allow" command. It just says "unknown action 0"
I have a Fortigate 60F with firmware v7.4.3
Regards Thomas Barnes
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @PCBarnes ,
It's interesting, I tried with your settings in my lab environment. The command does not work like yours.
Also, I have a dial-up tunnel configuration (FortiClient). In this type, the command is working.
Can you try it like that?
Can you confirm if you have configured "set net-device enable" under phase1 ? If not, please try the below.
configure "set net-device enable" under phase1
change route-overlap to allow under phase2
disable net-device again under phase1
Hello Suraj
Yes, I can confirm, that I did the "set net-device enable" first.
You can see, I'm a bit unsure about the "set" command. If I write exactly as suggested from the Fortinet homepage, I get another error.
Regards Thomas Barnes
Created on 03-28-2024 03:52 AM Edited on 03-28-2024 03:55 AM
Hello @PCBarnes ,
Your vpn type dial-up, right?
Because this command just running with dial-up tunnel type.
Yes, it is a dial-up tunnel type.
The VPN connection is created using the "IPsec Wizard. It is set up as shown in the picture.
Hello @PCBarnes ,
It's interesting, I tried with your settings in my lab environment. The command does not work like yours.
Also, I have a dial-up tunnel configuration (FortiClient). In this type, the command is working.
Can you try it like that?
I'm sure, I could make it work with the FortiClient, if you can.
My problem is just that my customer doesn't have FortiClient-software, and the Windows built-in VPN software works fine. It is only with a married couple who works for my customer, where they have problems, when the couple works from home at the same time on separate laptops. Here it is "first come, first served"!
So, is there a workaround for this?
Hello @PCBarnes ,
I understand your concern. In my opinion, this feature not working with the L2TP tunnel.
I tried all of the tunnel types, this command works with IOS and FortiClient. But Android and Windows tunnel types use L2TP type. I think because of that not work this command.
Maybe you can try this. Create a dial-up tunnel with IOS type. After that, try to connect to this tunnel with a Windows machine.
Thank you, I'll give it a try!
Best regards Thomas Barnes
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1105 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.