exidinus
New Contributor

VPN IPSec method Pre-shared Key (dialup - forticlient) 2 or more rules

Hello.

Sorry, I didn't know which section is better to write in, VPN or Firewall.

Users must remotely connect to the central office and work with authorized services. Users can be included in groups for which the service should be available. IPSec with a pre-shared key. There are 2 rules in the firewall:

show
config firewall policy
    edit 4
        set name "vpn_ipsec_1"
        set uuid **********************
        set srcintf "ipsec_1"
        set dstintf "lan"
        set srcaddr "ipsec_1_range"
        set dstaddr "server_1"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set comments "VPN: ipsec_1"
        set nat enable
    next
end

config firewall policy
    edit 5
        set name "vpn_ipsec_2"
        set uuid ***********************
        set srcintf "ipsec_2"
        set dstintf "lan"
        set srcaddr "ipsec_2_range"
        set dstaddr "server_2"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set comments "VPN: ipsec_2"
        set nat enable
    next
end

The crux of the pain is that VPN_2 is not connected on the client, but if you disable rule number 1, then VPN_2 is connected on the client. Tell me where to dig?

Toshi_Esumi
Esteemed Contributor II

Look for the references in my comment in the thread. It was discussed in multiple threads in the past.

https://forum.fortinet.co...m=188200&tree=true

exidinus

Thank you so much.