FortiGate and Windows L2TP / IPsec with Split Tunneling
Problem In some scenarios, the user does not want to install an additional VPN client on their device, but use the already built-in one from Windows. Thus, the FortiGate SSL VPN solution cannot be used. So that only systems behind the FortiGate unit are accessible, a split tunnel connection must be established. Solution The L2TP over IPsec VPN solution is used for this purpose. First an IPsec connection is established between the client and FortiGate and then an L2TP connection is established. This is authenticated via a PSK and L2TP via username and password. The following steps are necessary to implement this solution. IPsec Connection config vpn ipsec phase1-interface edit "Dialup" set type dynamic set interface " wan " set peertype any set net-device disable set proposal aes256-md5 3des-sha1 aes192-sha1 set dhgrp 2 set wizard-type dialup-windows set psksecret **** next end config vpn ipsec pha