Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
q_lenin
New Contributor

Fortigate IPSec VPN site-to-site Kerio Control

Hi All,

 

I found only this http://kb.kerio.com/product/kerio-control/vpn/configuring-ipsec-vpn-tunnel-kerio-control-and-another...

 

But i cannot connect each other so any idea or manual with fortigate 60 C

 

Fortigate 50b v4.0,build0689,140731 (MR3 Patch 18)

Kerio Control 9.1.2

 

 

 

 

1 REPLY 1
emnoc
Esteemed Contributor III

Just setup a  static  route-based vpn like that to a ciscoASA

 

1: set the proposal for what you want ( no multiple  proposal )

 

2: set the  subnet-type ( LOCAL/REMOTE  need to match the far-end REMOTE/LOCAL )

 

3: don't expect a lot for support ( Most of the Kerio engineers I meet are fools about IPSEC and the product ) Sad but 100% true.

 

;(

 

Here's what I configured after battling keri for over 5 days for a simple or should HAVE been a simple vpn;

 

 

config vpn ipsec phase1-interface

    edit "POLKCWIKS"

        set interface "port1"

        set keylife 28800

        set proposal aes128-md5

        set negotiate-timeout 600

        set comments " ******blah--blah****** "

        set npu-offload disable

        set localid "SHAREDKEYID between FGT+KERIO"  

        set localid-type  keyid

        set dhgrp 5

        set remote-gw x.x.x.x

        set psksecret  mystrongpskshared between the 2

    next

 

config vpn ipsec phase2-interface

    edit "POLPH2-1"

        set phase1name "POLKCWIKS"

        set proposal aes128-md5  

        set dhgrp 5

        set comments "DST SERVERS SUBNET POLICE fl#4"

        set src-subnet 10.94.22.0 255.255.255.255

        set dst-subnet 10.12.1.0 255.255.255.0

    next

end

 

 

 The keyid type of  keystring and set-id in the kerio vpnsetup has to match. If you re-set the key-id, flush the   phase1 on both appliances. On the Kerio side just disable the von-tunnel and re-enable after 1min or so.

 

Good luck.

 

 

Ken

 

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors