Hi!
Should the Local Address be an internal address like 192.168.14.0 at our site and the remote address an internal address for the remote site like 192.168.15.0, or should they be external addresses?
Thank you.
The selectors (as the name implies) 'select' the networks that are allowed to pass through the tunnels on the INSIDE of the VPN, so yes the private addresses are the ones to be used here. Phase 1 determines the peer connections.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
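A small check for the selector rule described in the answer above, as an added example that is not part of the original thread or any vendor tooling. It assumes /24 masks (the thread gives only the network addresses), that the inside LANs use RFC 1918 space, and that the two peers' selectors must be exact mirrors of each other; all function and variable names are hypothetical.

```python
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample selectors; the /24 masks are an assumption (the thread gives only
# the network addresses 192.168.14.0 and 192.168.15.0).
OUR_SITE = {"local": "192.168.14.0/24", "remote": "192.168.15.0/24"}
REMOTE_SITE = {"local": "192.168.15.0/24", "remote": "192.168.14.0/24"}


def check_selectors(ours, theirs):
    """Return a list of problems found in two peers' phase 2 selectors (empty = OK)."""
    problems, nets = [], {}
    for peer, cfg in (("ours", ours), ("theirs", theirs)):
        for role in ("local", "remote"):
            try:
                # strict=True rejects host bits, e.g. 192.168.14.1/24
                net = ipaddress.IPv4Network(cfg[role], strict=True)
            except ValueError as exc:
                problems.append(f"{peer} {role}: invalid network ({exc})")
                continue
            nets[peer, role] = net
            if not any(net.subnet_of(r) for r in RFC1918):
                problems.append(f"{peer} {role}: {net} is not an inside (RFC 1918) network")
    if len(nets) < 4:
        return problems  # cannot compare the two sides until every selector parses
    # Each side's local selector must be the other side's remote selector.
    for a, b in ((("ours", "local"), ("theirs", "remote")),
                 (("ours", "remote"), ("theirs", "local"))):
        if nets[a] != nets[b]:
            problems.append(f"mismatch: {a[0]} {a[1]} {nets[a]} != {b[0]} {b[1]} {nets[b]}")
    if nets["ours", "local"].overlaps(nets["ours", "remote"]):
        problems.append("local and remote selectors overlap")
    return problems


if __name__ == "__main__":
    for issue in check_selectors(OUR_SITE, REMOTE_SITE) or ["selectors are mirrored inside networks"]:
        print(issue)
```

Fill the two dictionaries from the phase 2 selectors on each firewall; an empty result means both sides name the same pair of inside networks.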
Thank you! The firewall tells me that the IPsec tunnel is down. I can't bring it up. The log says that Phase 1 is successful though.
What are you connecting with (Cisco, Palo, FortiGate, Juniper)? You need to validate IKE/IPsec settings and monitor for IKE/IPsec SAs.
Ken
PCNSE
NSE
StrongSwan
Thank you for the reply. I'm trying to connect to a Cisco ASA. Where do I find the monitor for IPsec/IKE?
Hi, please set as local address the local internal lan (192.168.14.0) and as remote address the remote lan (192.168.15.0). Kind regards.
Kind regards
Jens
Thank you!
I have this same issue: everything seems to be correctly configured, outgoing and incoming policies, static route, IKE, encryption and DS groups on both FG devices. But when I try to bring up phase 2 selectors, it pretty much does nothing but keep successfully negotiating phase 1.
Welcome to the forums.
Look into the logs (Log&Report, Event log). They should show you the result of the tunnel negotiation in detail.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
If these are route-based vpn, ensure a route is present.
Ken Felix
PCNSE
NSE
StrongSwan