Hello,
I'm currently building a site-to-site IPSEC VPN but I would like to know if its possible to use a private IP (10.10.10.0/30) network. Below is my current configuration.
Firewall A:
Port 10: 10.10.10.1/32 Firewall B: Port 9: 10.10.10.2/32
Both port interface is connected using a cross-cable.
Problem: I tried to create an IPSEC - Phase 1 but the tunnel is still down.
Thank You
Solved! Go to Solution.
Make sure you build the policies. The tunnels will not come up unless the interesting traffic is requested by policies.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
ede_pfau wrote:Why are you recommending that the quick mode selectors should be more specific? In a site to site scenario I don't see any reason to use something other than 0.0.0.0/0hi,
and welcome to the forums.
The value of the WAN addresses don't matter. If you're using a PSK, make sure it is identical on both sides (this is IMHO the most common error in failing VPN setups). In phase2, the Quick Mode selectors should be more specific than the '0.0.0.0/0' defaults.
If you need more support, please post the phase1 and phase2 config, along with the policy and the static route which are needed for this to work.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.