I am trying to create a IPSEC VPN from our Fortigate to a Juniper.
On the Fortigate side I have no access to CLI as managed by a third party. I have asked them to look into it but response may be slow.
On the Juniper side, it is again managed by a third party and I have no access.
We have matching algorithms etc and this is the output from the Juniper:
set security ike proposal IKE-PROP1 authentication-method pre-shared-keys
set security ike proposal IKE-PROP1 dh-group group5
set security ike proposal IKE-PROP1 authentication-algorithm sha1
set security ike proposal IKE-PROP1 encryption-algorithm 3des-cbc
set security ike proposal IKE-PROP1 lifetime-seconds 86400
However the tunnel does not come up. The only logs I can see in the Fortigate GUI constantly repeats:
08:16:49 negotiate success progress IPsec phase 1
but it never passes Stage 1 of P1.
Any suggesting why we are not getting past Stage 1 P1?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Will if you don't have access than your 3rd party is trying to create the VPN
So what type of vpn ( route or policy )?
Looking at what you post for the SRX , that cfg is not complete and is not going to work. You can follow a series post/ blog that's over 4+ years old that gives detail view of how it should look from the SRX
https://forum.fortinet.com/tm.aspx?m=102446
and to under proposals and proposal-sets
http://socpuppet.blogspot.com/2014/12/juniper-proposal-sets-ikeipsec.html
On the fortios side define a std cisco-wizard for site2site and set the proxy-ids for the src/dst-subnets and a route and policy.
Ken Felix
PCNSE
NSE
StrongSwan
In the end it worked after I disable NAT Traversal and enabled Autokey Keep Alive.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1666 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.