- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate-Meraki VPN success
I didn't find much information on setting up a VPN with a Fortigate and a Meraki SA so thought I would post how I got it to work in case anyone else needs to do the same:
1) Meraki has a well-documented config to use on their end with non-Meraki peers so I will not repeat that here.
2) Create VPN-IPsec-Tunnel on the Fortigate matching the Meraki config parameters in Step 1. All Unchecked: Mode Config, NAT Traversal, Dead Peer Detection, Enable Replay Detection, Enable PFS, Autokey Keep Alive, Auto-negotiate.
3) Create static route on Fortigate from internal subnet to VPN named in step 2.
4) Create policies inbound and outbound to/from internal and remote subnets using the internal and VPN interfaces, respectively.
I was working with Fortigate 60C and 40C with FortiOS 5.2.2 and 5.2.5. The two main gotchas for me were Mode Config and the static route.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this still stable for you?
I have a Meraki MX 100 and Forti 1500D and have 1 tunnel that establishes but drops with Invalid SPI errors.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was a temporary connection until we got all our Fortinets switched out to Meraki. So, we no longer have any Fortinet-Meraki tunnels.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
krumbp wrote:I know this is a long time ago but any solutions to this issue ?Is this still stable for you?
I have a Meraki MX 100 and Forti 1500D and have 1 tunnel that establishes but drops with Invalid SPI errors.