Hi All
Not really sure how to do this (or if its possible).
Essentially I want to ensure traffic (which is normally unencrypted) can be sent securely accross the internet. I can't create a "route based VPN" between the two sites. All I need to do is create a policy (I'm assuming IPSEC) between two public IPs, and tell the respective Fortigate's at each end to encrypt/decrypt any traffic which flows between those two points.
For example, public IPs 100.100.100.100 and 200.200.200.200
Fortigate 100D with FortiOS 5.2.5 at each end
We want to encrypt (with a preshared key) any traffic travelling between these two Firewalls public IPs irrespective of protocol etc. I thought this would be a Policy Based IPSEC, but I wasn't able to get it to work. I see traffic going out on the correct rule after setting Action = Ipsec, but no packets shown on the destination device.
Any advice on direction would be appreciated.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The logs on the destination Fortigate show the following:
peer SA proposal not match local policy
I have read that this could be caused by the fact that we also have a dial up VPN configured on the same Fortigate and they are conflicting.
This procedure applies to both peers. Repeat the procedure on each FortiGate unit, using the correct IP address for each. You may wish to vary the Phase 1 names but this is optional. Otherwise all steps are the same for each peer.
This is the best solution for you!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.