Solved! Go to Solution.
I’ve needed to configure an IPSec VPN between a Fortigate 60D and a Mikrotik, and I didn't found a dedicated whitepaper or blog post on this topic.
After figuring out the configuration steps I've created the following blog post, here is the link in case it will help someone: http://www.fastbit.ro/en/ipsec-site-to-site-vpn-between-fortigate-and-mikrotik/
Hi,
i try to follow the instruction on that link, my tunnel is up but still can not ping from lan fortigate and lan mikrotik
any suggest?
i see on that link mikrotik can ping lan fortigate.
thank you
regards
regarding the steps on the blog for the fortigate to mikrotik vpn setup.
what is int-vlan10 and in-vlan20 and Miktotik02 on the fortigate configurations ?
do i have to create these interface on the fortigate network interface ?
i only have LAN,WAN, DMZ and mgmt interface on my FG now.
Hi kinmun,
Consider "int-vlan10" and "int-vlan20" as internal LAN. Those are two network segments in internal network. In your setup this will be the "LAN"
The "Mikrotik02" is the remote subnet, representing the IP subnet of the remote location that will be connected through VPN with the Fortigate. If you don't have this created, than you will need to create this in the Firewall section, as an object.
kinmun wrote:regarding the steps on the blog for the fortigate to mikrotik vpn setup.
what is int-vlan10 and in-vlan20 and Miktotik02 on the fortigate configurations ?
do i have to create these interface on the fortigate network interface ?
i only have LAN,WAN, DMZ and mgmt interface on my FG now.
OK, I may be stupid...
Mikrotik RB2011 (brilliant router by the way) to FGT60C (soon to be replaced).
I followed your (MariusM) setup.
The tunnel is established, phase2 is there.
I can't get any traffic through. I can see packets increasing on the FGT side, but ping fails, as any other kind of traffic.
Yes, I do have IPv4 Policy on FGT side, this is where I see counters increasing.
I have setup an L2TP server on the RB2011 as well, and this one works fine.
Which step could I be forgetting ?
(as usual... I'm sure it must be very very stupid)
OK... now I don't get it.
I used Mikrotik reference for IPSec tunnels, and added forward filter rules.
Traffic now goes from Mikrotik side subnet to the FGT side subnet. But not the other way round !
Getting mad...
(I love routing !!)
The next step would be to follow a packet from the FGT LAN into the tunnel, using 'diag debug flow'. You can find zillions of posts here showing how to use it if you're not already familiar with it. This would show you whether or not the traffic reaches the tunnel - if it does, start debugging on the other side.
You can complement this approach with 'diag debug sniffer packet' on the LAN and the tunnel interfaces, resp. This will give you an immediate answer if traffic is present at the right places but won't give you any explanations for failures.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.