Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
robert_espi
New Contributor II

Created on ‎04-25-2023 12:46 PM

Creating Dailup IPSec VPN on VDOMS

Hi, 
Grateful if any assistance can be rendered. I have a Fortigate 100F running on fortios 7.0.11.
I currently have the fortigate set to multi-vdom mode with 3 vdoms. (root, vdomA, vdomB). 
I have my 2 WAN interfaces connected to the root vdom, which feeds vdomA(wan1) and vdomB(wan2) with internet. I want to create a dailup ipsec vpn portal for vdomA. Since the WAN interface is on the root vdom, where should this dailup vpn be created (on the root or vdomA)? Also, how will i be able to route the traffic the taffic across vdoms? thanks.  

R.E
R.E
Labels:
2291
0 Kudos
4 REPLIES 4
gfleming
Staff
Staff

Created on ‎04-25-2023 08:41 PM

You would do this on the vdomA. 

 

You would route traffic to vdomA the same way you are doing it today? I'm only assuming based on your description above that you already have an inter-VDOM link configured...

Cheers,
Graham
2277
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎04-26-2023 04:38 AM

Or you could place the VPN gateway in VDOM root and route the traffic into VDOM-A (surprise, surprise). Just regard a VDOM as an autonomous Fortigate (except for resources, power off/reset behaviour and inter-VDOM links). The VPN gateway would be the central firewall in front of VDOM-A and VDOM-B. This way, you won't have trouble with the public IP which is needed for IPsec.

 

I guess at the moment you are not concerned with the public WAN IP, as VDOM root is the management VDOM and thus receiving the FortiGuard updates for all VDOMs.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
2267
0 Kudos
msanjaypadma
Staff
Staff

Created on ‎04-26-2023 05:09 AM

Hi robert_espi,

I hope below article might help you, if you want to configure ipsec vpn on vdoms which doesn't have direct internet(ISP) connected:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-IPSec-VPN-tunnels-on-VDOMs-tha...

 

Above article is for site to site VPN, however you can configure Dialup Ipsec VPN by changing the mode and configuration.

And you can configure Ipsec vpn in root vdom or vdomA, its upto your network topology or if you want to segregate the routing/policy configuration from two different vdoms.

 

 

Mayur Padma
2263
HeatherWilliams
New Contributor

Created on ‎04-26-2023 05:22 AM Edited on ‎04-28-2023 07:20 AM

Since the WAN interfaces are connected to the root VDOM, you will need to create the dialup IPsec VPN portal in the root VDOM. Once the VPN is created, you can configure the routing to allow traffic from the VPN to reach VDOMA. If you are an MBA student who has to write an essay but cannot think of a suitable topic, you may visit this website https://mbaessayhelp.com/mba-thesis-topics/ This website has MBA thesis topics 2023, which will assist you in writing your essay, as well as other subjects that will assist you in completing your essay assignment.

2251
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.