Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

IPsec VPN bind user to IP

Is it possible to bind users to a specific IP with IPsec VPN?

1 Solution


Please see this KB article which would be helpful

View solution in original post

Esteemed Contributor III

You seem to be a friend of few words. Could you please elaborate on your question. Is this about address assignment of IPsec VPN clients? FortiClient or AnyConnect, that is, mode config or not?

Less guessing, more answers.


"Kernel panic: Aiee, killing interrupt handler!"



Yes, I have a IP-Pool which are given to IPsec VPN Clients. I want to achieve to assign unique IP adresses to Fortigate VPN-Users or VPN-Clients if possible. "User1" always gets etc. I'm using the Fortigate VPN Client.


PS: Doesn't know Cisco AnyConnect works at all with Fortigate?!? The Client doesn't have enough options to configure.



Please see this KB article which would be helpful


Hi. Wont work for me :o


Have the following Interfaces in my VPN vdom:

+Port1 (VPN Ingress) type:physical IP

-+ IPsec_VPN created by Wizard type:VPN_Tunnel


+Port2 (VPN Egress) type:physical

-+VLAN100 (in which VPN Target Network is) type:VLAN IP


I've now configured the DHCP on VLAN100, because I only can configure a DHCP Server on a Interface which has an IP in the Subnet of the DHCP Range (


If I chose in FortiClient IPsecDHCP, The Phase2 seemes to work, but the connection doesnt come up. Because I guess no IP will be assigned.


Deactivating "Mode Config" in the VPN Settings will work again, but without DHCP.


Hello, Doing exactly instructions from this tutorial  I was not able to successfully create a VPN tunnel. Phase 2 error.


The CLI instructions shown in the tutorial: "set dhcp-ipsec enable HIGHLIGHT" returns me an error. The modified entry: "set dhcp ipsec-enable" is probably insufficient.

Is the DHCP on IPsec requires a Policy-based VPN?

In the documentation I see: "DHCP-IPsec - [...] Select this option if the FortiGate unit assigns VIP addresses to FortiClient dialup clients through a DHCP server or relay. This option is available only if the Remote Gateway in the Phase 1 configuration is set to Dialup User and it works only on policy-based VPNs."


Can I set DHCP on Dialup IPsec using only a Route-based VPN?