VPN IPSec method Pre-shared Key (dialup - forticlient) 2 or more rules

exidinus · ‎09-16-2020

Hello.

Sorry, I didn't know which section is better to write VPN or Firewall

Users must remotely connect to the central office and work with authorized services. Users can be included in groups for which the service should be available. IPSec pre-shared key There are 2 rules in the firewall

show
config firewall policy
    edit 4
        set name "vpn_ipsec_1"
        set uuid **********************
        set srcintf "ipsec_1"
        set dstintf "lan"
        set srcaddr "ipsec_1_range"
        set dstaddr "server_1"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set comments "VPN: ipsec_1
        set nat enable
    next
end

config firewall policy
    edit 5
        set name "vpn_ipsec_2"
        set uuid ***********************
        set srcintf "ipsec_2"
        set dstintf "lan"
        set srcaddr "ipsec_2_range"
        set dstaddr "server_2"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set comments "VPN: ipsec_2
        set nat enable
    next
end

The crux of the pain is VPN_2 is not connected on the client, but if you disable rule number 1, then VPN_2 is connected on the client. Tell me where to dig?

Toshi_Esumi · ‎09-16-2020

Look for the references in my comment in the thread. It was discussed in multiple threads in the past.

https://forum.fortinet.co...m=188200&tree=true

exidinus · ‎09-16-2020

Thank you so much.

VPN IPSec method Pre-shared Key (dialup - forticlient) 2 or more rules

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website