iOS device as dialup client

This is a sample configuration of dialup IPsec VPN with an iPhone or iPad as the dialup client.

You can configure dialup IPsec VPN with an iOS device as the dialup client using the GUI or CLI.

To configure IPsec VPN with an iOS device as the dialup client on the GUI:
  1. Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
    1. Enter a VPN name.
    2. For Template Type, select Remote Access.
    3. For Remote Device Type, select Native > iOS Native.
    4. For NAT Configuration, set No NAT Between Sites.
    5. Click Next.
  2. Configure the following settings for Authentication:
    1. For Incoming Interface, select wan1.
    2. For Authentication Method, select Pre-shared Key.
    3. In the Pre-shared Key field, enter your-psk as the key.
    4. From the User Group dropdown list, select vpngroup.
    5. Deselect Require 'Group Name' on VPN client.
    6. Click Next.
  3. Configure the following settings for Policy & Routing:
    1. From the Local Interface dropdown menu, select lan.
    2. Configure the Local Address as local_network.
    3. Configure the Client Address Range as 10.10.2.1-10.10.2.200.
    4. Keep the default values for the Subnet Mask, DNS Server, and Enable IPv4 Split tunnel.
    5. Click Create.
To configure IPsec VPN with an iOS device as the dialup client using the CLI:
  1. In the CLI, configure the user and group.
    config user local
        edit "vpnuser1" 
            set type password
            set passwd your-password
        next 
    end
    config user group
        edit "vpngroup" 
            set member "vpnuser1"
        next 
    end
  2. Configure the internal interface. The LAN interface connects to the corporate internal network. Traffic from this interface routes out the IPsec VPN tunnel. Creating an address group for the protected network behind this FortiGate causes traffic to this network grou