ciscokid1903
New Member
November 9, 2010
Question

FortiGate to Draytek Vigor IPSEC VPN

Hi, I am trying to set up an IPsec VPN between my FortiGates and a Draytek Vigor. I've created the phase one and phase two on the FortiGates as I have done for other IPsec VPNs (ones connected to other FortiGates) so this side looks OK. I've set up the Draytek using the guide on their website but having no luck bringing up the tunnel. Does anyone have any guides on this setup? Anyone done anything similar with a FortiGate to third-party firewall? Any help would be much appreciated. Thanks

    3 replies

    abelio
    SuperUser
    November 9, 2010
    Hello, there's an old article for this:
    http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=10489&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=11515798&stateId=0%200%2011517495

    I guess that the more relevant part is the limitation list:

    DRAYTEK configuration
    model vigor2600 annex A, firmware version: v2.5_UK
    - MAIN MODE ONLY (cannot be configured)
    - DH2 only (cannot be configured)
    - MD5 hash function only (cannot be configured)
    - phase 2 key life is per default 3600 sec (cannot be configured)
    - no NAT traversal compliant
    - no DPD compliant

    Maybe adjusting the FTG side to those restrictions, you can be lucky. Regards,
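
Added example (not part of the thread or of the Fortinet article): a small Python check that reads a FortiGate phase 1 / phase 2 CLI snippet and reports where it cannot match the four Vigor2600 items marked "cannot be configured" in the list above. The sample configuration and tunnel names are constructed, the snippet is assumed to hold a single tunnel, and the `set` keywords (`mode`, `proposal`, `dhgrp`, `keylifeseconds`) are assumed to match the FortiOS version in use.

```python
# Vigor2600 limits from the list above: (label, phase, FortiOS keyword, needed value)
CHECKS = [
    ("IKE mode", 1, "mode", "main"),
    ("DH group", 1, "dhgrp", "2"),
    ("phase 1 hash", 1, "proposal", "md5"),
    ("phase 2 hash", 2, "proposal", "md5"),
    ("phase 2 key life", 2, "keylifeseconds", "3600"),
]

# Constructed sample, not taken from the thread.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "to-vigor"
        set mode aggressive
        set proposal aes128-sha1 3des-md5
        set dhgrp 5
    next
end
config vpn ipsec phase2-interface
    edit "to-vigor-p2"
        set proposal 3des-sha1
        set keylifeseconds 1800
    next
end
"""

def parse_fortios(text):
    """Collect `set key value...` lines under each `config` section."""
    sections, current = {}, None
    for raw in text.splitlines():
        parts = raw.split()
        if parts[:1] == ["config"]:
            current = sections.setdefault(" ".join(parts[1:]), {})
        elif parts[:1] == ["set"] and len(parts) >= 3 and current is not None:
            current[parts[1]] = parts[2:]
    return sections

def check_against_peer(text):
    """Return one message per setting the fixed-function peer cannot accept."""
    phases = {1: {}, 2: {}}
    for name, settings in parse_fortios(text).items():
        for n in phases:
            if f"phase{n}" in name:
                phases[n].update(settings)
    problems = []
    for label, n, key, needed in CHECKS:
        values = phases[n].get(key)
        if values is None:
            problems.append(f"{label}: '{key}' not set explicitly, peer needs {needed}")
            continue
        if key == "proposal":  # e.g. 3des-md5 -> md5
            values = [v.rsplit("-", 1)[-1] for v in values]
        if needed not in values:  # one matching offer is enough
            problems.append(f"{label}: offers {' '.join(values)}, peer needs {needed}")
    return problems
```

NAT traversal and DPD are left out of the check because the list does not mark them as fixed settings.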
    ciscokid1903
    New Member
    November 10, 2010
    Thanks for this Abel, I will try out those settings. Do you know if rules need to be configured on the Draytek firewall to allow the IPsec traffic?
    ciscokid1903
    New Member
    November 15, 2010
    Eventually got this working, just had to try a few settings. One of the ones to note is to enable the Dead Peer Detection on the FortiGate and also enable perfect forward secrecy on the phase 2 settings on both ends.