2nd IPSEC Vpn profile for different users

SandroC

Hello, I just would like to know if it is possible to create a separate IPSEC VPN Policy with different routing policies and different security policies for another group of users.
I create first VPN Policy with wizard and everything is fine with that.
I tried to create a new VPN policy with same basic settings but different subnet and I can connect phase1. Nothing is working on phase2.
Can someone confirm it is possible to work like we always did with VPN SSL.
Firewall is FLEX 700 on premise mode.

PeterUK

If your connecting site to site under the same WAN IP of the tunnels you may need to have two phase1 with different Local/Peer ID also you may want a different zone on phase2 when making firewall rules

SandroC

Thank you for your reply @PeterUK i currently solved the problem assigning a different wan interface to the second VPN IPSEC gateway.
Connection is not a site-to-site… it's a remote access (server role).
Basically i created a perfect copy of the one created by the wizard and I assigned different gateway, different subnets and different NATs.

My question now is: what happens if I don't have another wan interface available?
I can only create one VPN IPSEC remote access for all my users?

PeterUK

Yes you might be limited to one remote access (server role) per WAN IP or two ways you can could do it is by phase1 different encryption, authentication that the client uses to connect to server and the server will match what encryption and authentication to the given phase1 to then do phase2. Another way is to split the one WAN IP between two USG by VLAN switch and have the one USG block the other group by DDNS and the other USG allow by DDNS.