FortiGate
Chairman_82
Staff
Article Id 416703
Description

This article describes the settings required to bring up Phase 1 and Phase 2 of an IPsec VPN between FortiGate and Versa Cloud.

Scope

FortiGate.
Solution

Topology:

FortiGate --------IPsec site to site-------Versa cloud.

 

In the Versa Cloud VPN configuration, the Remote ID or Local ID field under Phase 1 settings is mandatory. In contrast, on FortiGate devices, the Local ID field within the Phase 1 VPN settings is optional.

To successfully establish the VPN tunnel between Versa Cloud and FortiGate, the Versa Cloud VPN configuration must include either a Remote ID or Local ID, as required by Versa. On the FortiGate side, the Local ID field should remain at its default setting, since it is not mandatory for tunnel establishment.

 

For example, in the Versa Cloud IPsec VPN configuration, the Remote or Local ID under Phase 1 settings is set to '89.23.4.1'. This parameter should be configured only in the Versa Cloud IPsec Phase 1 VPN settings.

On the FortiGate device, the Local ID field should remain empty or set to its default value to ensure successful tunnel establishment. The VPN tunnel will fail to establish if the same Remote or Local ID value ('89.23.4.1') is configured under the FortiGate Phase 1 VPN settings.
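
A way to check an exported FortiGate configuration for this condition before bringing the tunnel up. This is an added example, not Fortinet or Versa code; the sample configuration (including the tunnel name "Test-bad") and the function names are constructed for illustration, and only the ID '89.23.4.1' and the tunnel "Test" come from the article.

```python
import re

# Constructed sample in the style of FortiOS `show full-configuration` output.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "Test"
        set interface "wan1"
        set localid ''
        set localid-type auto
        set remote-gw 10.10.10.10
    next
    edit "Test-bad"
        set interface "wan1"
        set localid "89.23.4.1"
        set remote-gw 10.10.10.10
    next
end
"""

def phase1_localids(config_text):
    """Map each phase1-interface tunnel name to its localid ('' means default)."""
    result, depth, in_p1, name = {}, 0, False, None
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_p1 = line == "config vpn ipsec phase1-interface"
        elif line == "end":
            depth = max(depth - 1, 0)
            in_p1 = in_p1 and depth > 0
        elif in_p1 and depth == 1:
            edit = re.match(r'edit\s+"?([^"]+)"?$', line)
            # \s+ after "localid" keeps "set localid-type" from matching.
            lid = re.match(r"set localid\s+(.*)$", line)
            if edit:
                name = edit.group(1)
                result[name] = ""
            elif line == "next":
                name = None
            elif lid and name is not None:
                result[name] = lid.group(1).strip().strip("\"'")
    return result

def audit_localid(config_text, versa_id):
    """Classify each tunnel: ok (default), conflict (same as Versa ID), non-default."""
    return {name: "ok" if not lid else "conflict" if lid == versa_id else "non-default"
            for name, lid in phase1_localids(config_text).items()}

if __name__ == "__main__":
    for tunnel, status in audit_localid(SAMPLE_CONFIG, "89.23.4.1").items():
        print(f"{tunnel}: {status}")
```
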

 

FortiGate Phase 1 VPN settings:

 

config vpn ipsec phase1-interface
    edit "Test"
        set interface "wan1"
        set peertype any
        set localid <---------------------------- Leave default.
        set localid-type auto
        set net-device disable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set comments "VPN: Test (Created by VPN wizard)"
        set wizard-type static-fortigate
        set remote-gw 10.10.10.10
        set psksecret