Hello, I've managed to bring up the IPSec VPN tunnel between 2 FortiGate firewalls (220.127.116.11 and 18.104.22.168). However, these 2 public IP addresses are abstracted from the external interfaces of the FortiGate firewalls. In the firewall policy, I have allowed the traffic of private IP addresses (e.g. 192.168.31.0 and 22.214.171.124) for both firewalls from internal to external and external to internal. It seems that I couldn't ping or telnet to remote private IP addresses. When I do a traceroute, it seems that the route goes to the default gateway. Please advise. Thanks
In the firewall policy, I have allowed the traffic of private IP addresses (e.g. 192.168.31.0 and 126.96.36.199) for both firewalls from internal to external and external to internal.
Don't configure external->internal crypt policies to define a standard IPsec tunnel.
Try to follow the step-by-step example guide http://kc.forticare.com/default.asp?id=689&Lang=1&SID= and adjust later for your particular situation.
Another possible source of problems: your second "private" network 200.1.1.x is not really "private" in the RFC's sense. These IPs are public and alive on the Internet, so you have the additional task of ensuring that the peer whose private LAN is 192.168.31.x/x "knows" how to reach "your" 200.1.1.x subnet and not the public one. In case you're using double-WAN, etc., take care of this.
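Added example, not part of the original thread: a Python check that ties the traceroute symptom in the question to the point made in the reply. It tests whether a tunnel's remote subnet is RFC 1918 space and uses longest-prefix matching to show which interface traffic to it would leave on. The /24 masks, the interface names (`wan1`, `internal`, `vpn-to-peer`) and the route tables are constructed assumptions, not values from the posters' firewalls.

```python
import ipaddress

# RFC 1918 private ranges; a "LAN" outside these overlaps routable Internet space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(subnet):
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(r) for r in RFC1918)

def egress(routes, dest):
    """Longest-prefix match: the interface a packet to dest leaves on."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def audit(routes, remote_subnet, tunnel_dev):
    """Return findings for one tunnel's remote subnet on this firewall."""
    net = ipaddress.ip_network(remote_subnet)
    findings = []
    if not is_rfc1918(remote_subnet):
        findings.append("remote subnet %s is not RFC 1918 space" % net)
    probe = next(iter(net.hosts()))  # first usable host in the subnet
    dev = egress(routes, str(probe))
    if dev != tunnel_dev:
        findings.append("traffic to %s leaves via %s, not %s"
                        % (probe, dev, tunnel_dev))
    return findings

# Constructed route table for the 192.168.31.x side, before any fix:
# only the default route covers 200.1.1.x, so it goes out the WAN.
ROUTES_BEFORE = [("0.0.0.0/0", "wan1"), ("192.168.31.0/24", "internal")]
# Same table with an explicit route sending the peer's subnet into the tunnel.
ROUTES_AFTER = ROUTES_BEFORE + [("200.1.1.0/24", "vpn-to-peer")]

if __name__ == "__main__":
    for label, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(label, audit(table, "200.1.1.0/24", "vpn-to-peer"))
```

With the explicit route in place the egress finding disappears, but the non-RFC 1918 finding remains: the peer can no longer reach the real public hosts in that range.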