Created on 06-28-2022 09:48 PM Edited on 06-28-2022 09:59 PM By Anonymous
Description
This article describes how to set up an IPsec VPN between FortiGate and Sophos when the FortiGate is behind NAT.
Scope
FortiGate.
Solution
1) Example of topology.
FortiGate (WAN1) 1.1.1.1 <-> SNAT x.x.x.x <-> Internet <-> y.y.y.y Sophos
The FortiGate uses 1.1.1.1 as its private IP address, which is source-NATed (SNAT) to x.x.x.x as its public IP. Sophos uses y.y.y.y as its public IP.
Note: The pre-shared key (PSK) and the proposals are the same on FortiGate and Sophos.
2) FortiGate IPsec Phase 1 settings.
# set interface "wan1"
# set remote-gw y.y.y.y
3) Sophos IPsec Phase 1 settings.
remote x.x.x.x
4) Troubleshooting on FortiGate.
Phase 1 is up but the tunnel is not up, and the FortiGate IKE debug shows the keyword 'INVALID-ID-INFORMATION'.
5) Set 1.1.1.1 in the VLAN ID (optional) field on the Sophos side to bring the IPsec tunnel up.