Hello
I have been trying to make this work.
I was following a manual from Fortinet and, well, it's working but not totally.
I got a Fortinet, and in the internal of one port I got the internal network 192.168.1.0/24 ... I got no problem with it. I can make it work just for that.
But then I got a DMZ, another port (port2), which as far as I see (I didn't install that Fortinet) has like a WAN (P2P) link, I mean a /30, and well, it seems that for all the other networks there is a static pointing to the other IP of that link, I mean 10.1.1.1 for the DMZ port and 10.1.1.2 for the remote... and well, it's pointing to the remote.
Let's say the network in the internal port1, which is 192.168.1.0/24 (I reach that one).
On port 2 there is a static route pointing to a router 10.1.1.2, and that router manages all the networks (I can't reach these networks with my configuration).
My FortiGate
I think the problem is in the policies...
Policies
First policy
Source Port1
Source Address All
Destination port WAN1
Destination address Fortinet users network (this is the network I configured in my FortiClient), 10.1.2.0/24 in this case
Action: IPSEC
VPN Tunnel: I picked the IPsec I created.
Second policy
Source Port2
Source Address All
Destination port WAN1
Destination address Fortinet users network (this is the network I configured in my FortiClient), 10.1.2.0/24 in this case
Action: IPSEC
VPN Tunnel: I picked the IPsec I created.
FortiClient Configuration
Remote Gateway: The IP address of my WAN Fortinet unit
Remote Network: I'm putting the network behind port1, which is in this example 192.168.1.0/24 (when I click Advanced I'm able to add more networks)
Preshared key: The preshared key I'm using
I click Advanced
IKE and IPSEC (this is okay because if this was wrong the tunnel won't even go up...)
Advanced
I check Acquire Virtual IP Address
I set it manually
And put this IP
10.1.2.2 mask 255.255.255.0
IPSEC Phase 1 config
IPSEC
Phase 1
Name: IPSEC_Test
Remote Gateway: dialer user
Local Interface: wan1
Mode: Main Mode
Authentication Method: Preshared Key
Accept Any Peer
P1 Proposal
Encryption: 3DES, Authentication: SHA1
DH Group 5
KeyLife: 28800
NAT Traversal (check)
Keep Alive frequency 10
Dead Peer Detection (check)
Phase 2
Name: IPSEC_TEST
Phase1: IPSEC_TEST
P2 Proposal
Encryption: 3DES
Authentication: SHA1
Enable Replay Detection
Enable PFS
DH Group 5
KeyLife: 3600 Seconds
I leave the quick mode selector in all 0s
I cannot even reach the 10.1.1.0 network with this configuration, and I thought I would, jeez =(
Can someone help? =D I just started installing FortiGates like 3 weeks ago (firewalls in general), hehe, so I don't know that much.