Hi,
I have a FortiGate 1200D at HQ connecting to multiple remote sites that have Cisco routers. All the tunnels are up and we are using OSPF. From the remote sites I can ping the FortiGate 1200D from all the routers, but from the HQ I can ping only one, the first on the dialup list. How can I fix this problem?
FortiGate config:

    config vpn ipsec phase1-interface
        edit "internet"
            set type dynamic
            set interface "port2"
            set mode aggressive
            set peertype any
            set net-device disable
            set proposal des-md5
            set add-route disable
            set localid "internet"
            set dpd on-idle
            set psksecret cisco
            set dpd-retryinterval 60

    config vpn ipsec phase2-interface
        edit "internet"
            set phase1name "internet"
            set proposal des-md5
            set keepalive enable
        next
    end

    config router ospf
        set router-id 1.1.1.1
        config area
            edit 0.0.0.0
            next
        end
        config ospf-interface
            edit "1"
                set interface "internet"
                set mtu-ignore enable
                set network-type point-to-multipoint-non-broadcast
            next
        end
        config network
            edit 1
                set prefix 10.98.150.0 255.255.255.0
            next
            edit 2
                set prefix 10.1.0.0 255.255.0.0
            next
        end
        config redistribute "connected"
        end
        config redistribute "static"
        end
        config redistribute "rip"
        end
        config redistribute "bgp"
        end
        config redistribute "isis"
        end
    end

        edit "internet"
            set vdom "root"
            set ip 10.1.1.1 255.255.255.255
            set allowaccess ping https ssh
            set type tunnel
            set remote-ip 10.1.255.254 255.255.0.0
            set snmp-index 7
            set interface "port2"
        next
Cisco:

    crypto isakmp policy 10
     hash md5
     authentication pre-share
     group 5
    crypto isakmp key cisco address x.x.x.x
    crypto isakmp keepalive 30 5 periodic
    !
    crypto isakmp peer address x.x.x.x
     set aggressive-mode password cisco
     set aggressive-mode client-endpoint fqdn site-1
    !
    !
    crypto ipsec transform-set TR_SET esp-des esp-md5-hmac
     mode tunnel
    !
    crypto ipsec profile TEST_PRO
     set security-association lifetime seconds 43200
     set transform-set TR_SET
     set pfs group5
    !
    interface Tunnel1
     ip address 10.1.200.254 255.255.0.0
     ip ospf network point-to-multipoint non-broadcast
     ip ospf mtu-ignore
     ip ospf 1 area 0.0.0.0
     tunnel source 1.1.1.1
     tunnel mode ipsec ipv4
     tunnel destination x.x.x.x
     tunnel protection ipsec profile TEST_PRO
    !
    router ospf 1
     network 10.98.200.0 0.0.0.255 area 0.0.0.0
     neighbor 10.1.1.1
Hi chinga, were you finally able to resolve this issue? I have the same scenario and the same behavior.
Let me know please!