Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
one_co_il
New Contributor

Multiple Dailup VPN Same Interface

Hi

I'm trying to create 2 different Dialup VPN (ios Native) with different user group and different IP range

so one VPN will only access a web server and the other VPN will have full control over the network

 

for now it seems that i can only creat one VPN the users that trying to connect to the second VPN gets Negotiation Failed.

what is the correct way for doing that?

Is there any way to do so with one VPN?

 

 

2 Solutions
Toshi_Esumi
Esteemed Contributor III

Similar discussion was here:

https://forum.fortinet.com/tm.aspx?m=111123

You need to backup the config and modify it. But it's talking about "local ID" instead in the thread. But it should be exactly the same. My saved config shows like below because I don't have any id configured:

 

  <ipsecvpn>

     ....

     <connections>

        <connection>

         .....

              <localid />

              <peerid />

              ....

So you can insert like

              <peerid>PEER_NAME</peerid>

 

Then restore the config to the client.

View solution in original post

Toshi_Esumi
Esteemed Contributor III

I've never seen it in FortiClient's GUI menu. I'm not sure it's configurable in iPhone and Android phone app. For those devices, SSL VPN is more common, which is dial-up by nature and also you can use either LDAP server or Realms to separate user groups to apply different policies. Lots of discussions about SSL VPN in this forum you can refer to.

View solution in original post

7 REPLIES 7
Toshi_Esumi
Esteemed Contributor III

If it's IPSec vpn and the client side can be configured with "peer id" or "server id", you can set "local id" on the Fortigate side at the phase1-interfaces. Otherwise you need to separate them by VDOMs.

ede_pfau
Esteemed Contributor III

Exactly, use peerIDs to seperate VPNs. This is well documented in the Admin Guide or the Cookbook (I think...). FortiClient should support peerID even on iOS.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
daac
New Contributor

Hello I would like your help regarding two vpn dialup in the same interface, if I set up a local Id the Fortigate in Forticlient I do not see any peer id option, the only thing I could do to work for me was to allow an id xxx in fortigate and in the forticlient configure in local id xxx, or that another option exists. Thank you

Toshi_Esumi
Esteemed Contributor III

Similar discussion was here:

https://forum.fortinet.com/tm.aspx?m=111123

You need to backup the config and modify it. But it's talking about "local ID" instead in the thread. But it should be exactly the same. My saved config shows like below because I don't have any id configured:

 

  <ipsecvpn>

     ....

     <connections>

        <connection>

         .....

              <localid />

              <peerid />

              ....

So you can insert like

              <peerid>PEER_NAME</peerid>

 

Then restore the config to the client.

daac

Hello, thanks for the answer, take a backup to the configuration of the forticlient, make the modification and I will do tests, but one more doubt in any version is it possible to add it without editing the backup? and the peer id in ios and android if it is visible in forticlient? Thank you

Toshi_Esumi
Esteemed Contributor III

I've never seen it in FortiClient's GUI menu. I'm not sure it's configurable in iPhone and Android phone app. For those devices, SSL VPN is more common, which is dial-up by nature and also you can use either LDAP server or Realms to separate user groups to apply different policies. Lots of discussions about SSL VPN in this forum you can refer to.

daac

Thanks, not to make the issue cumbersome I decided to allow in the fortigate a peer id and in forticlient configure the local id, with it the tests came out Ok

Labels
Top Kudoed Authors