Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Site-to-site IPsec VPN from forti OS 4.3.15 to 5.4.1



I'm having trouble setting up a site-to-site VPN tunnel from my HQ site, running forti os 5.4.1, to the remote site, running 4.3.15. It seems that I made the settings similar to my previous VPN tunnels, but it's not working. I was wondering if this is because the v4.3.15 is using tunnel mode, but the v5.4.1 is using interface mode. Is it possible to change v5.4.1 to tunnel mode, or to change v4.3.15 to interface mode? The most urgent issue is to know whether these two versions can successfully make a site-to-site IPsec VPN tunnel between them.


I would appreciate any advice!

Thanks a lot~~




We were running 4.3 until about 3 years ago. But at that time we were using interface mode IPSecs. You should be able to set it up an interface mode IPsec on that unit and connect it to the other FG. But eventually you want to upgrade the 4.3 FG to 5.2 or 5.4.


To answer your question: both kinds of VPN setup can communicate with each other kind. Troubleshooting is much easier with Interface mode though, so I'd recommend you re-create the 4.3 VPN in Interface Mode. When creating phase1, there is a checkbox on top for this. You can only change the setting until you hit OK for the first time.


Make sure your Quick Mode selectors are correct on both sides, preferably not wildcards ( but even that would work...

If it doesn't work right away please post the config (text form, from CLI) and then we can further debug the connection setup.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors