
Fortigate To Multiple Cisco Routers With OSPF Site-To-Sites


I have a FortiGate 1200D at HQ connecting to multiple remote sites that have Cisco routers. All the tunnels are up and we are using OSPF. From the remote sites I can ping the FortiGate 1200D from all the routers, but from the HQ I can ping only one, the first on the dialup list. How do I fix this problem?


FortiGate config:

    config vpn ipsec phase1-interface
        edit "internet"
            set type dynamic
            set interface "port2"
            set mode aggressive
            set peertype any
            set net-device disable
            set proposal des-md5
            set add-route disable
            set localid "internet"
            set dpd on-idle
            set psksecret cisco
            set dpd-retryinterval 60

    config vpn ipsec phase2-interface
        edit "internet"
            set phase1name "internet"
            set proposal des-md5
            set keepalive enable
        next
    end

    config router ospf
        set router-id
        config area
            edit
            next
        end
        config ospf-interface
            edit "1"
                set interface "internet"
                set mtu-ignore enable
                set network-type point-to-multipoint-non-broadcast
            next
        end
        config network
            edit 1
                set prefix
            next
            edit 2
                set prefix
            next
        end
        config redistribute "connected"
        end
        config redistribute "static"
        end
        config redistribute "rip"
        end
        config redistribute "bgp"
        end
        config redistribute "isis"
        end
    end

    edit "internet"
        set vdom "root"
        set ip
        set allowaccess ping https ssh
        set type tunnel
        set remote-ip
        set snmp-index 7
        set interface "port2"
    next

Cisco:

    crypto isakmp policy 10
     hash md5
     authentication pre-share
     group 5
    crypto isakmp key cisco address x.x.x.x
    crypto isakmp keepalive 30 5 periodic
    !
    crypto isakmp peer address x.x.x.x
     set aggressive-mode password cisco
     set aggressive-mode client-endpoint fqdn site-1
    !
    !
    crypto ipsec transform-set TR_SET esp-des esp-md5-hmac
     mode tunnel
    !
    crypto ipsec profile TEST_PRO
     set security-association lifetime seconds 43200
     set transform-set TR_SET
     set pfs group5
    !
    interface Tunnel1
     ip address
     ip ospf network point-to-multipoint non-broadcast
     ip ospf mtu-ignore
     ip ospf 1 area
     tunnel source
     tunnel mode ipsec ipv4
     tunnel destination x.x.x.x
     tunnel protection ipsec profile TEST_PRO
    !

    router ospf 1
     network area
     neighbor
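
Separately from the OSPF question, the IPsec settings in the post above (DES/MD5 proposals, aggressive mode, `peertype any`, a five-character pre-shared key) are the kind a configuration review should flag. The Python check below is an added example, not part of the original post and not a Fortinet tool; the weak-algorithm list and the 20-character key threshold are assumptions, and the sample config is constructed from the posted settings.

```python
import re
# Constructed sample: IPsec settings taken from the post above, one per line.
SAMPLE = """\
config vpn ipsec phase1-interface
    edit "internet"
        set mode aggressive
        set peertype any
        set proposal des-md5
        set psksecret cisco
    next
end
config vpn ipsec phase2-interface
    edit "internet"
        set proposal des-md5
    next
end
"""
WEAK_ALGS = {"des", "3des", "md5", "null"}  # assumed deny-list for this example

def parse(text):  # yields (section, entry, key, values) for every 'set' line
    section = entry = None
    for line in text.splitlines():
        # Tokenise, keeping quoted strings such as "internet" as one token.
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["config"]:
            section, entry = " ".join(tok[1:]), None
        elif tok[:1] == ["edit"] and len(tok) > 1:
            entry = tok[1]
        elif tok[:1] == ["set"] and len(tok) > 1:
            yield section, entry, tok[1], tok[2:]

def audit(text, min_psk_len=20):  # min_psk_len: assumed policy value
    """Return (location, rule, detail) findings for IPsec phase1/phase2 entries."""
    out = []
    for section, entry, key, vals in parse(text):
        if not (section or "").startswith("vpn ipsec phase"):
            continue
        where = f"{section} '{entry}'"
        if key == "proposal":
            out += [(where, "weak-proposal", p) for p in vals if WEAK_ALGS & set(p.split("-"))]
        elif key == "mode" and vals == ["aggressive"]:
            out.append((where, "aggressive-mode", "PSK hash exposed to offline guessing"))
        elif key == "peertype" and vals == ["any"]:
            out.append((where, "peer-id-any", "any peer ID accepted; only the PSK authenticates"))
        elif key == "psksecret" and vals and vals[0] != "ENC" and len(vals[0]) < min_psk_len:
            out.append((where, "short-psk", f"{len(vals[0])} characters, stored in plaintext"))
    return out

if __name__ == "__main__":
    print("\n".join(" | ".join(f) for f in audit(SAMPLE)))
```

The Cisco side of the post carries the matching weak settings (`hash md5`, `esp-des esp-md5-hmac`, the same key), so any hardening has to be applied on both ends of each tunnel.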

New Contributor

Hi chinga, were you finally able to resolve this issue? I have the same scenario and the same behavior.


Let me know please!

