Dial-Up VPN Setup WITHOUT Static IP! | FortiGate Configuration Guide

Рет қаралды 6,999

Күн бұрын

Пікірлер: 28

@staticroute 7 ай бұрын

Dialup VPNs are useful where remote branches have no fixed ip address, such as LTE, etc…I hope you find the video useful and as always, I’m curious to know how many people are using Dialup or intend using dialup VPN

@hakim0109 4 ай бұрын

I want to use this VPN dialup but between two Fortigate, so I have in my remote site, a FG-80F and in this FGT I have ISP WAN 1 & WAN 2, and I want to build two IPsec Tunnels in Dialup that connects to the central Fortigate, but I can't do it. what do u think , it's possible ?

@johnvoegeli5705 2 ай бұрын

@@hakim0109 Build out the 2 VPN tunnels (You'll need a second IP on the HUB device as the remote will complain about duplicates) Then use SDWAN feature to decide which tunnel to take ie: when packet loss occurs on WAN1 use WAN2 etc.

@MuhammadImran-xu4fw 7 ай бұрын

Again very helpful. Thanks.

@staticroute 7 ай бұрын

Glad it was helpful!

@ryancheungkkable 5 ай бұрын

Will use it in our production environment soon

@danielcampbell6059 5 ай бұрын

Can you explain what the purpose of creating the user and group on the HUB, if there its not entered anywhere on the spoke routers?

@staticroute 5 ай бұрын

This config is not as straight as one would hope, but the spokes do use their hostname/local-id as username and the PSK as the password. It' not a simple username|password combination..check it here: docs.fortinet.com/document/fortigate/7.4.4/administration-guide/6896/fortigate-as-dialup-client

@swissactiontv5128 5 ай бұрын

I have similar situation, but i have the problem, that with 2 Peers, only one stay online, second is disconnected, if other shows activity the active peer changes, like only one Peer can stay online?

@staticroute 5 ай бұрын

Hey there, you're probably looking for something like ADVPN, I'm uploading a video on that very topic right now, should publish in a few hours. ADVPN improves on Dialup VPNs by enabling spokes to make on-demand connections to each other therefore literally achieving "full-mesh". In the video, I setup BGP with Hub as route reflector, in the case of OSPF, the config is a tiny bit different...please check it out, I'd be interested to know if it's what you're looking for.

@swissactiontv5128 5 ай бұрын

@@staticroute Finally i could fix it, no ADVPN needed. Well on the HUB, Phase2 Selectors is Local and Remote 0.0.0.0 0.0.0.0 and i had to delete static routes toward the branches, cause Only if the Interface Name in the routes is with "_0" or "_1" etc. it knows to which tunnel the traffic needs to go, if there is a static route on the Hub toward the branches the interface in the route not has "_0" in it, so it can`t know which peer it should take On the Branches, the Phase2 Selector is local the local Subnets and Remote is also just 0.0.0.0 0.0.0.0, cause Fortinet can handle that.