exidinus
New Contributor

VPN IPsec Dialup - FortiClient

Hello.

Sorry, I didn't know which section is better to write in, VPN or Firewall.

Users must remotely connect to the central office and work with authorized services. Users can be included in groups for which the service should be available. IPSec pre-shared key. There are 2 rules in the firewall:

show
config firewall policy
    edit 4
        set name "vpn_ipsec_1"
        set uuid **********************
        set srcintf "ipsec_1"
        set dstintf "lan"
        set srcaddr "ipsec_1_range"
        set dstaddr "server_1"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set comments "VPN: ipsec_1"
        set nat enable
    next
end

config firewall policy
    edit 5
        set name "vpn_ipsec_2"
        set uuid ***********************
        set srcintf "ipsec_2"
        set dstintf "lan"
        set srcaddr "ipsec_2_range"
        set dstaddr "server_2"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set comments "VPN: ipsec_2"
        set nat enable
    next
end

The crux of the pain is that VPN_2 does not connect on the client, but if you disable rule number 1, then VPN_2 connects on the client. Tell me where to dig?

Mrinmoy
Staff

Please share the VPN config and user group config here.

Mrinmoy Purkayastha