IPsec VPN site-to-site issue
I am configuring a site-to-site IPsec VPN between two FortiGates. At one of the sites there is a public IP, but at the other site there is an ADSL link; I cannot put the modem in bridge mode, only in DMZ. I have not been able to get it working. These are the screens I get when running the `diagnose vpn ike log-filter dst-addr4` command.
I don't know what setting I'm missing.
FortiGate with DDNS (modem in DMZ):
FortiGate with public IP:
Labels: FortiGate
Hi,
Thank you for your question. What I would suggest: use a dynamic tunnel on the FortiGate with the public IP address (so it will only listen for connections) and use a static VPN on the FortiGate with the private IP address. Example:
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/523447/configure-dial-up-dynamic-vpn
Then you don't need DDNS, and the only IP address that is required is the public IP that the remote FortiGate (with the private IP) will be connecting to.
If your modem ain't in bridge mode, you might have to set up port forwarding so that it forwards VPN traffic to your FortiGate.
You will need to forward 500/udp for IPsec and (if enabled) 4500/udp for NAT Traversal.
Without that, responses from one side cannot reach the other.
The result would be what you get: several tries to resend in P1 followed by a negotiation timeout...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
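Putting the two replies together, as an added example that is not from the original posts or Fortinet's documentation: the FortiGate with the public IP accepts a dial-up (dynamic) tunnel, the FortiGate behind the ADSL modem initiates a static tunnel to it, and NAT traversal is enabled on both ends because the modem NATs the spoke. The interface names, the hub address 203.0.113.10, the tunnel names and `<shared-key-placeholder>` are assumed placeholders.

```text
# --- Hub: FortiGate with the public IP (listens only, no remote-gw) ---
config vpn ipsec phase1-interface
    edit "hub-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set psksecret <shared-key-placeholder>
    next
end
config vpn ipsec phase2-interface
    edit "hub-dialup-p2"
        set phase1name "hub-dialup"
        set proposal aes256-sha256
        set dhgrp 14
    next
end
# --- Spoke: FortiGate behind the ADSL modem (DMZ host / NAT) ---
config vpn ipsec phase1-interface
    edit "to-hub"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set remote-gw 203.0.113.10
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set keepalive 10
        set psksecret <shared-key-placeholder>
    next
end
config vpn ipsec phase2-interface
    edit "to-hub-p2"
        set phase1name "to-hub"
        set proposal aes256-sha256
        set dhgrp 14
        set auto-negotiate enable
    next
end
# On the modem: forward UDP 500 and UDP 4500 to the spoke FortiGate's WAN
# address (or make it the DMZ host). Then watch the negotiation on the spoke:
# diagnose vpn ike log-filter dst-addr4 203.0.113.10
# diagnose debug application ike -1
# diagnose debug enable
# diagnose vpn ike gateway list
```

If the IKE debug on the spoke still shows only retransmits with no reply, the hub never saw the packet or its answer was dropped on the way back, which points at the modem's forwarding rather than the tunnel settings.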