tonylin1
Staff
Article Id 216197
Description

This article describes how to set up an IPsec VPN between FortiGate and Sophos when the FortiGate is behind NAT.

Scope

FortiGate.
Solution

1) Example of topology.

 

FortiGate (WAN1) 1.1.1.1 <-> SNAT x.x.x.x <-> Internet <-> y.y.y.y Sophos

 

The FortiGate uses 1.1.1.1 as its private IP address, which is source-NATed (SNAT) to x.x.x.x as its public IP.

Sophos uses y.y.y.y as its public IP.

 

Note.

The pre-shared key (PSK) and the proposals are the same on FortiGate and Sophos.

 

2) FortiGate IPsec Phase 1 settings.

 

set interface "wan1"

set remote-gw y.y.y.y

 

3) Sophos IPsec Phase 1 settings.

 

remote x.x.x.x

 

4) Troubleshooting on FortiGate.

 

Phase 1 is up but the tunnel does not come up, and the FortiGate IKE debug output shows the keyword 'INVALID-ID-INFORMATION'.

 

5) Set 1.1.1.1 as the VLAN ID (optional) on the Sophos side to bring the IPsec tunnel up.

 
