emhe13
New Contributor II

IPsec VPN site to site issue

I am configuring an IPsec VPN site to site between two FortiGates. At one of the sites there is a public IP, but at the other site there is an ADSL link; I cannot put the modem in bridge mode, only in DMZ. I have not been able to get it working. These are the screens I get when running the diagnose vpn ike log-filter dst-addr4 command:

I don't know what setting I'm missing

FortiGate with DDNS modem in DMZ:

[screenshot: emhe13_0-1649893051819.png]

FortiGate with IP public:

[screenshot: emhe13_1-1649893072941.png]

2 REPLIES
akristof
Staff

Hi,

Thank you for your question. What I would suggest: use a dynamic tunnel on the FortiGate with the public IP address (so it will only listen for connections) and use a static VPN on the FortiGate with the private IP address. Example:

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/523447/configure-dial-up-dynamic-vpn

Then you don't need DDNS, and the only IP address that is required is the public IP that the remote FortiGate (with the private IP) will be connecting to.

Adrian
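The split akristof describes, written out as an added example FortiOS CLI configuration that is not from the thread or from Fortinet's documentation: the tunnel names, the "wan1" interface, the 10.1.0.0/24 and 10.2.0.0/24 LANs and the 203.0.113.10 public address are assumed, and the pre-shared key is a placeholder.

```text
# Added example, not from the thread. Public-IP FortiGate: dial-up (dynamic)
# phase 1 that only listens, so it never needs the remote site's address.
config vpn ipsec phase1-interface
    edit "to-adsl-site"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set dpd on-idle
        set psksecret REPLACE-WITH-STRONG-PSK
    next
end
config vpn ipsec phase2-interface
    edit "to-adsl-site-p2"
        set phase1name "to-adsl-site"
        set proposal aes256-sha256
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end

# Private-IP FortiGate behind the modem: static phase 1 that initiates to the
# public address (203.0.113.10 is assumed). nattraversal stays enabled because
# the modem NATs this side; the PSK must match the listener above.
config vpn ipsec phase1-interface
    edit "to-hq"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set dpd on-idle
        set remote-gw 203.0.113.10
        set psksecret REPLACE-WITH-STRONG-PSK
    next
end
config vpn ipsec phase2-interface
    edit "to-hq-p2"
        set phase1name "to-hq"
        set proposal aes256-sha256
        set src-subnet 10.2.0.0 255.255.255.0
        set dst-subnet 10.1.0.0 255.255.255.0
        set auto-negotiate enable
    next
end
```

Both sides still need firewall policies between the LAN and the tunnel interface and static routes for the remote subnet via that interface; the modem in DMZ mode must also pass 500/udp and 4500/udp to the inner FortiGate for the initiator's packets and the responses to reach it.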
sw2090
Honored Contributor

If your modem isn't in bridge mode, you might have to set up port forwarding so that it forwards VPN traffic to your FortiGate.

You will need to forward 500/udp for IPsec and (if enabled) 4500/udp for NAT Traversal.

Without that, responses from one side cannot reach the other.

The result would be what you get: several tries to resend in P1 followed by a negotiation timeout...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
