FortiGate as dialup client

This is a sample configuration of dialup IPsec VPN and the dialup client. In this example, a branch office FortiGate connects via dialup IPsec VPN to the HQ FortiGate.

You can configure dialup IPsec VPN with FortiGate as the dialup client using the GUI or CLI.

To configure IPsec VPN with FortiGate as the dialup client in the GUI:
  1. Configure the dialup VPN server FortiGate:
    1. Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      1. Enter a VPN name.
      2. For Template Type, select Site to Site.
      3. For Remote Device Type, select FortiGate.
      4. For NAT Configuration, select The remote site is behind NAT.
      5. Click Next.
    2. Configure the following settings for Authentication:
      1. For Incoming Interface, select the incoming interface.
      2. For Authentication Method, select Pre-shared Key.
      3. In the Pre-shared Key field, enter your-psk as the key.
      4. Click Next.
    3. Configure the following settings for Policy & Routing:
      1. From the Local Interface dropdown menu, select the local interface.
      2. Configure the Local Subnets as 10.1.100.0/24.
      3. Configure the Remote Subnets as 172.16.101.0/24.
      4. Click Create.
  2. Configure the dialup VPN client FortiGate:
    1. Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      1. Enter a VPN name.
      2. For Template Type, select Site to Site.
      3. For Remote Device Type, select FortiGate.
      4. For NAT Configuration,