Hi All,
I found only this http://kb.kerio.com/product/kerio-control/vpn/configuring-ipsec-vpn-tunnel-kerio-control-and-another...
But i cannot connect each other so any idea or manual with fortigate 60 C
Fortigate 50b v4.0,build0689,140731 (MR3 Patch 18)
Kerio Control 9.1.2
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Just setup a static route-based vpn like that to a ciscoASA
1: set the proposal for what you want ( no multiple proposal )
2: set the subnet-type ( LOCAL/REMOTE need to match the far-end REMOTE/LOCAL )
3: don't expect a lot for support ( Most of the Kerio engineers I meet are fools about IPSEC and the product ) Sad but 100% true.
;(
Here's what I configured after battling keri for over 5 days for a simple or should HAVE been a simple vpn;
config vpn ipsec phase1-interface
edit "POLKCWIKS"
set interface "port1"
set keylife 28800
set proposal aes128-md5
set negotiate-timeout 600
set comments " ******blah--blah****** "
set npu-offload disable
set localid "SHAREDKEYID between FGT+KERIO"
set localid-type keyid
set dhgrp 5
set remote-gw x.x.x.x
set psksecret mystrongpskshared between the 2
next
config vpn ipsec phase2-interface
edit "POLPH2-1"
set phase1name "POLKCWIKS"
set proposal aes128-md5
set dhgrp 5
set comments "DST SERVERS SUBNET POLICE fl#4"
set src-subnet 10.94.22.0 255.255.255.255
set dst-subnet 10.12.1.0 255.255.255.0
next
end
The keyid type of keystring and set-id in the kerio vpnsetup has to match. If you re-set the key-id, flush the phase1 on both appliances. On the Kerio side just disable the von-tunnel and re-enable after 1min or so.
Good luck.
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.