Skip to main content
kinmun
kinmun
New Member
May 14, 2015
Solved

site to site vpn with Mikrotik router

  • May 14, 2015
  • 6 replies
  • 20600 views

Can FG300D support site to site vpn with mikrotik router?

I may need to enable site to site vpn with a 3rd party business network.

they are using mikrotik brand of router with firewall features.

what type of vpn method should i use?

 

from their website, the following technologies are supported

  Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols

Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP) Advanced PPP features (MLPPP, BCP) Simple tunnels (IPIP, EoIP) 6to4 tunnel support (IPv6 over IPv4 network) VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support MPLS based VPNs 

    Best answer by Christopher_McMullan

    This older forum post ends with a link to a third-party blog which may provide the necessary steps for your situation:

    https://forum.fortinet.com/tm.aspx?m=103954

     

    6 replies

    Christopher_McMullan
    Staff
    Christopher_McMullanAnswer
    Staff
    May 14, 2015

    This older forum post ends with a link to a third-party blog which may provide the necessary steps for your situation:

    https://forum.fortinet.com/tm.aspx?m=103954

     

    juanchonica
    juanchonica
    New Member
    May 16, 2015

    kinmun wrote:

    Can FG300D support site to site vpn with mikrotik router?

    I may need to enable site to site vpn with a 3rd party business network.

    they are using mikrotik brand of router with firewall features.

    what type of vpn method should i use?

     

    from their website, the following technologies are supported

      Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols

    Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP) Advanced PPP features (MLPPP, BCP) Simple tunnels (IPIP, EoIP) 6to4 tunnel support (IPv6 over IPv4 network) VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support MPLS based VPNs 

    you can use: ipsec tunnel mode, psk, esp, 

    in the fortigate you must configure ipsec interface mode

    kinmun
    kinmunAuthor
    New Member
    June 27, 2015

    will the site-2-site vpn work if the mikrotik side uses dynamic ip using ddns host name instead of static ip address?

    juanchonica
    juanchonica
    New Member
    June 27, 2015

    must work, i have configured using static ip, you can try using client-server.

    kinmun
    kinmunAuthor
    New Member
    July 1, 2015

    i have tested the vpn connection with the mikrotik router.

    managed to get phase 1 connection but the vpn status dont show anything.

    nothing on phase 2 connection

    am i doing anything wrong

     

     

    kinmun
    kinmunAuthor
    New Member
    July 5, 2015

    my tunnel with the mikrotik router is setup. after the initial testing, where i was able to ping to n fro, i cant do it now. is there something wrong with the setup? i keep seeing the tunnel up down.

    the mikrotik is the intiator.

     

     

    this is the phase 2 config

     

    edit "datacentre" set phase1name "XXXXXX" set proposal aes128-sha1 set dhgrp 5 set keepalive enable set auto-negotiate enable set keylifeseconds 1800 set src-subnet xx.xxx.xx.0 255.255.255.0 set dst-subnet xx.xxx.xx.0 255.255.255.0

     

    Terms & ConditionsAccessibility statement