Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rdalrymple
New Contributor

IPSEC tunnel from Fortigate 60F to Cisco Route 1941

So we have an office with an old Cisco 1941 router and were stuck with it for a little bit. Long and short im trying to configure my fortigate 60F to do an ipsec tunnel to the cisco device and its not working.  Here is my Fortigate Config https://imgur.com/a/pric2sK

 

Here is the cisco side. crypto isakmp policy 5  encr aes 256  authentication pre-share  group 2  crypto isakmp key mykey address 40.40.40.40 crypto ipsec transform-set AES-256 esp-aes 256 esp-sha-hmac  mode tunnel   crypto map VPN 15 ipsec-isakmp  set peer 40.40.40.40  set transform-set AES-256  match address GROUP  ip access-list extended GROUP  permit ip 192.168.8.0 0.0.0.255 10.18.27.0 0.0.0.255  permit ip 192.168.8.0 0.0.0.255 10.18.100.0 0.0.0.255  permit ip 192.168.8.0 0.0.0.255 10.254.18.0 0.0.0.255  permit ip 192.168.8.0 0.0.0.255 10.18.101.0 0.0.0.255

 

Rdal
Rdal
1 REPLY 1
Toshi_Esumi
SuperUser
SuperUser

Having touched Cisco's policy-base (crypto map) IPsec for years to can't remember the default value of those key config, which doesn't show in "sh run". But I don't see anything particular causing the problem (assuming it does come up ("UP-ACIVE") instead of doesn't route).

IKE debug on either or both sides would show you why it doesn't come up.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors