Hello,
I have a 60D and am trying to make a VPN to Azure with no success. I have used the official document from the Fortigate Cookbook with no success...
Taking a look at the logs, I can see a failure in phase 1:
user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status=negotiate_error reason="peer SA proposal not match local policy"
Do any of you have an idea of what the right parameters for the SA are?
The Azure compatibility list says FortiOS is supported, and I followed the Fortinet guideline step by step, but nothing...
Thanks in advance
Hi !!!
In a site-to-site VPN there are 2 phases of configuration:
Phase1:
IKE version
Pre-shared key
WAN connection is OK on both sites
DHGroup =2 or ?
Encryption= sha1 or md5 or ..... etc
enabled IKE interface in your FGT.
Phase2:
Remote network
Local network
Encryption 3Des sha
Auto Negotiation and keep alive time
Route
It seems, from what you said above, that you have a wrong configuration in phase 1, so please check the pre-shared key and/or DHGroup between both sites.
Hi,
I know about all that; my problem is that I don't have the remote side parameters... They are using the Microsoft Azure service. I found a document on the Fortinet site with all those parameters, so I followed it and configured the site-to-site VPN according to that document, but it didn't work; maybe they are wrong. What I'm looking for is whether anybody knows the right parameters so I can configure the Fortigate-to-Azure VPN.
I too have issues with this. Did you ever get it fixed?
Azure has two tunnel setups: policy-based and route-based. The one you use also determines some of the characteristics of the Phase1's and 2's.
Review the configs on both sides just to be certain everything is proper. Pay close attention to any policies that allow the traffic to traverse as well.
Mike Pruett
You have to play with the encryption parameters and try to see which one best suits your needs. I did it that way till it worked. Now I don't have any issues and have had this up for months.