rbarnes
Staff
Article Id 339118
Description

This article describes the scenario where an IPsec VPN is built to a third-party firewall or VPN appliance and phase 2 is failing.

The issue is caused by the SPI keys not being read in the same order by the third-party device. This does not occur from FortiGate to FortiGate.

Scope

FortiGate.
Solution

To solve this issue, set specific phase 2 selectors. Using address groups is not recommended; type out each phase 2 selector manually.

 

See the image below for the example.

 

ipsecvpntothirdpartydevice.png
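
As an added example (not part of the original article and not Fortinet tooling), the following Python check reads a FortiOS configuration backup and lists phase 2 entries whose selectors reference a named address object or group instead of typed-out subnets. The sample configuration, tunnel names, group names and subnets are constructed for illustration.

```python
# Constructed sample of a FortiOS phase2-interface section; all names and
# subnets are invented. The first entry uses address groups, the second
# uses manually typed selectors as the article recommends.
SAMPLE_CONFIG = '''\
config vpn ipsec phase2-interface
    edit "to-vendor-grp"
        set phase1name "to-vendor"
        set src-addr-type name
        set dst-addr-type name
        set src-name "local-nets-grp"
        set dst-name "remote-nets-grp"
    next
    edit "to-vendor-lan1"
        set phase1name "to-vendor"
        set src-subnet 10.10.1.0 255.255.255.0
        set dst-subnet 172.16.5.0 255.255.255.0
    next
end
'''

def parse_phase2(config_text):
    """Return {phase2_name: {setting: value}} for the phase2-interface section."""
    entries, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn ipsec phase2-interface":
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = {}
        elif in_section and line == "next":
            current = None
        elif in_section and current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            entries[current][key] = value.strip().strip('"')
    return entries

def selectors_using_named_objects(config_text):
    """List (phase2, side, object) where a selector points at a named address or group."""
    findings = []
    for name, cfg in parse_phase2(config_text).items():
        for side in ("src", "dst"):
            if cfg.get(f"{side}-addr-type") in ("name", "name6"):
                findings.append((name, side, cfg.get(f"{side}-name", "")))
    return findings

if __name__ == "__main__":
    for finding in selectors_using_named_objects(SAMPLE_CONFIG):
        print("phase2 %s: %s selector uses named object %r" % finding)
```

Each flagged entry is a candidate for replacement with one phase 2 entry per explicit source and destination subnet pair.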

 
