Lucascat
New Member
August 27, 2016
Question

IPSEC VPN to transparent mode unit

  • August 27, 2016
  • 1 reply
  • 10446 views

Hi all,

Is it possible to set up an IPSEC VPN between these units:

unit A: Fortigate 60d 5.2.8 - nat mode

unit B: Fortigate 50b 4.3.18 - transparent mode

 

Any help is appreciated.

L

    1 reply

    ede_pfau
    SuperUser
    August 27, 2016

    Yes, that's possible. This is one of the RARE situations in which you need to create the IPsec VPN in "policy mode" (as opposed to "interface mode" or "route mode"). For this, you define the VPN parameters as usual but in Phase1 you make sure to tick "policy mode".

    Then, the access policy's action needs to be "IPSEC" instead of "ACCESS".

    For all the relevant details please look up "IPsec VPN" in the Reference Guide.

    MikePruett
    New Member
    August 28, 2016

    Ede hit the nail on the head. Policy-based IPSec tunnel creation on the transparent device will enable this to function as you need. Please note that any device that is upstream (ASA firewall or other security device) will need the proper ports and protocols open to allow the transparent device to build the tunnel through it.
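The policy-mode setup described in the two replies above, sketched as FortiOS CLI for the transparent-mode unit (unit B). This is an added example, not configuration posted by anyone in the thread. The tunnel and address object names, interface names, subnets, peer address and pre-shared key placeholder are all assumptions to be replaced with real values.

```fortios
# Added example: every name and address below is a constructed placeholder.
# A policy-mode tunnel is defined under "phase1"/"phase2";
# interface-mode tunnels use "phase1-interface"/"phase2-interface" instead.
config firewall address
    edit "siteB-lan"
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "siteA-lan"
        set subnet 192.168.10.0 255.255.255.0
    next
end
config vpn ipsec phase1
    edit "to-unitA"
        set interface "wan1"
        # Public address of unit A (documentation-range placeholder)
        set remote-gw 198.51.100.1
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2
    edit "to-unitA-p2"
        set phase1name "to-unitA"
    next
end
# The policy carries the tunnel: its action is "ipsec" and it names the
# phase 1 object, so no route or virtual tunnel interface is involved.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "siteB-lan"
        set dstaddr "siteA-lan"
        set action ipsec
        set schedule "always"
        set service "ANY"
        set inbound enable
        set outbound enable
        set vpntunnel "to-unitA"
    next
end
```

For the upstream device mentioned above, IPsec negotiation uses UDP 500 for IKE, UDP 4500 when NAT traversal is in use, and IP protocol 50 (ESP) for the tunnel traffic.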

    Lucascat (Author)
    New Member
    August 28, 2016

    Thank you Ede, but on 5.2.8 I don't find "policy mode" when I create the VPN (GUI).

    Perhaps it is possible only using CLI?

    L