Hi guys! I'm needing some assistance regarding an IPSec tunnel I'm trying to create with an external company. They need to get access to a server in my server farm. The server's IP address is 10.39.1.61. The client is going to connect from the IP 192.168.186.62. I don't want to show them my real IP address, so I want to use NAT to hide this. I've been trying to arrange an IPSec tunnel using a VIP object as my "dst address" value. I also tried to create an address object with the value of the external IP from an already created VIP. None of those cases have worked for me. My peer has an ASA 8.3(2), if that matters.
I get phase 1 to connect completely. But I'm not seeing any attempts to establish phase 2.
Is it possible to create this VIP object and use it to hide my server?
Thanks in advance.
Good to hear that P1 is getting established.
Regarding P2, in the Quick Mode Selector what are you specifying (VIP or actual IP)?
Also, while defining the VIP, are you specifying the External Interface as the IPSEC tunnel or the physical interface?
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
Thanks for the help guys.
Dipen wrote:
Good to hear that P1 is getting established.
Regarding P2, in the Quick Mode Selector what are you specifying (VIP or actual IP)?
Also, while defining the VIP, are you specifying the External Interface as the IPSEC tunnel or the physical interface?
I defined the external interface as "any". I've changed it to the IPSec tunnel now, assuming that's what you mean. I have to wait for the client to test it.
Yes, just ensure the proxy IDs on the Cisco and the FGT are those of the VIP, and that all the correct firewall policies and routes exist. I'm assuming this is a route-based VPN?
The diag debug flow will provide you details on what's missing or maybe why it's not working.
Also make sure you DO NOT enable NAT on the policies for that VIP and VPN tunnel.
PCNSE
NSE
StrongSwan
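To make the advice in the two replies above concrete, here is a complete FortiOS (5.x-era CLI) configuration for the scenario in the question. It is an added illustration written for this thread, not configuration posted by any participant or taken from Fortinet documentation: the VIP is bound to the tunnel interface rather than the physical WAN port, the phase 2 selectors use the VIP's external address instead of the real server address, the inbound policy references the VIP with NAT left disabled, and a static route sends traffic for the peer host into the tunnel. Only 10.39.1.61 and 192.168.186.62 come from the question; the interface names ("wan1", "internal", "to-partner"), the NAT address 203.0.113.61, the ASA peer 198.51.100.1 (both RFC 5737 documentation ranges) and the pre-shared key placeholder are assumptions.

```fortios
# --- Phase 1: route-based (interface mode) tunnel to the partner's ASA ---
config vpn ipsec phase1-interface
    edit "to-partner"
        set interface "wan1"
        set remote-gw 198.51.100.1          # assumed ASA peer address
        set proposal aes256-sha1
        set psksecret REPLACE_WITH_SHARED_KEY   # placeholder, agree the real key out of band
    next
end

# --- VIP: the address the partner sees (203.0.113.61) mapped to the real server ---
# extintf is the IPsec tunnel interface, not "any" or "wan1", so the
# translation only applies to packets arriving through the tunnel.
config firewall vip
    edit "vip-server-nat"
        set extip 203.0.113.61
        set extintf "to-partner"
        set mappedip "10.39.1.61"
    next
end

# --- Phase 2: the proxy IDs must carry the VIP address, not 10.39.1.61 ---
# The ASA's crypto ACL must mirror this exactly (192.168.186.62 -> 203.0.113.61),
# otherwise Quick Mode never completes even though Phase 1 is up.
config vpn ipsec phase2-interface
    edit "to-partner-p2"
        set phase1name "to-partner"
        set proposal aes256-sha1
        set src-subnet 203.0.113.61 255.255.255.255
        set dst-subnet 192.168.186.62 255.255.255.255
    next
end

# --- Address object for the single partner host ---
config firewall address
    edit "partner-host"
        set subnet 192.168.186.62 255.255.255.255
    next
end

# --- Route: return traffic to the partner host goes back through the tunnel ---
config router static
    edit 0
        set dst 192.168.186.62 255.255.255.255
        set device "to-partner"
    next
end

# --- Inbound policy: partner -> VIP -> server. NAT stays disabled. ---
# The VIP itself performs the destination translation; enabling source NAT
# here would rewrite the source and break the selector match.
config firewall policy
    edit 0
        set srcintf "to-partner"
        set dstintf "internal"
        set srcaddr "partner-host"
        set dstaddr "vip-server-nat"
        set action accept
        set schedule "always"
        set service "ALL"               # narrow this to the actual service the partner needs
        set nat disable
    next
end
```

On the ASA side the matching crypto ACL would be `access-list partner-vpn extended permit ip host 192.168.186.62 host 203.0.113.61` (with the real NAT address in place of the assumed one); any other selector pair on either side shows up as a Phase 2 proposal mismatch. To confirm what the FortiGate is actually offering, `diagnose vpn ike log-filter dst-addr4 198.51.100.1` followed by `diagnose debug application ike -1` and `diagnose debug enable` prints the Quick Mode selectors being sent and received, and `diagnose debug flow filter addr 203.0.113.61` with `diagnose debug flow trace start 100` shows whether an inbound packet hits the VIP, the policy and the route once the tunnel is up.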