Dear all,
I'm stuck config VPN site to site between fortigate 300c and Draytek 2950.
In Draytek:
Dial out IPSec Tunnel IKE phase 1 : 3DES_MD5_G5 IKE phase 2: 3DES_MD5 Main ID protection
in Fortigate:
Phase 1: Main ID Protection 3DES_MD5 DH Group 2,5 Keylife 28800 Phase 2: 3DES_MD5 DH Group 5 Keylife 3600
adready setup policy accept IPSEC
I can not bring this tunnel up.
Please help!
Thanks
ike 0:vpn:61: remote address 115.78.161.0 does not match configuration address 115.78.166.114, dropYou should check that first.
Dear Ede
i also check again config on the both devices .
No problem for the configuration.
any advice on this!
Many thanks!!!
Come on, you've got to provide more info than this! Do you really expect to come anything out of this with only breadcrumbs? Jeez.
Who is 115.78.116.0, who is 115.78.166.114, what are the 2 public IP addresses exactly (one DT, one FGT)? Screen shots of the DT config page? Config of the FGT (as text), phase1 will do for now.
We have some one here at our office doing the same Vigor to FGT. They have a document of how it should be configured which is simple.
PCNSE
NSE
StrongSwan
Dear Emmoc
Could you share that document for my reference!
Many thanks
try this
http://www.draytek.com/index.php?option=com_k2&view=item&id=2028&Itemid=293&lang=en
PCNSE
NSE
StrongSwan
Dear Emmoc,
Thanks for your help!
I already refered this document before and followed step by step.
But still can not bring tunnel up with Error "remote address x.x.x.x does not match configuration address A.B.C.D, drop "
Thanks
Do you have phase1 & 2 proposal matching?
Do you have have local/remote subnets ( src/dst for our fortigate ) matching? I will probably get stuck with this tomorrow with our UK office and will post a outcome of what I do.
PCNSE
NSE
StrongSwan
Dear Emnoc,
Thanks for your effort support!
I just find out the problem!A VIP is configured on either of the firewall for this external IP.
Just remove the VIP ,It's Ok now.
Regards
Vinh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.