Fortigate - Cisco router IKEv2 with set network-id

Question

Hi,

I need to establish a tunnel with an existing VPN IPSec configuration. The configuration are routed base topology. I have several tunnel between Fortigate and bgp routing, no problem for that. But I need connect Cisco router in ipsec IKEv2. I tested to UP this tunnel in a lab, it's OK, but in my actual config I need use command "set network-id xx".

But for the cisco router, I don't find this attribute in IKEv2 negotiation.

Thank you for your help

vsharma · Answer

Hello,

The network ID is a Fortinet-proprietary attribute that is used to select the correct phase 1 between IPsec peers, so that multiple IKEv2 tunnels can be established between the same local/remote gateway pairs.

So it may not be available in Cisco.

Please refer below and see if you have a use case to use network-id.

- https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/790613/phase-1-configuration

It's explained under "Additional CLI configurations".

Please upvote and mark as resolved if it helps.

Thanks.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded