hello every one .
recently we faced a problem with fortigate s2s with ADSL connections but , we solved it by changing PORT number and they are working great . thanks for all of you for helping .
the currrent config for SITE A and SITE B is as following :
site A: ADSL router ---> fortigate >vpn>IPSEC >site to site > DDNS B >status : UP and can reach site B network
site B:ADSL router ---->fortigate >vpn>IPSEC >site to site > DDNS A >status : UP and can reach site A network
Now , We are facing new problem which is :
SITE A : As it is with above installation and configuration .
SITE B: changed from ADSL connection to star**bleep** connection and became lik this :
site B:Starlink router ---->fortigate >vpn>IPSEC >site to site > DDNS A >status : Down Tunnel not Connected
.
i know there is NO port forwarding in starlink router and it is using CGNAT unlike ADSL .
i want to know how to solve this problem with the same configuration for both fortigate .
Do i need pfsens in site B to be in between :
Starlink--> pfsens ----(wireguard)---> fortigate -->etc ..
Or any another solutions ???
Thanks
Yes , both showing now ?!
i did something horrible in both routers to make the public IP works !! if the company knows , i will be kicked out ...
Then it should work.
OK helpful friend
what i understand is this
first ,Site A fortiguard DDNS should be Enabled . then
i am using wizard i should do the following :
Site A VPN>ipsec >tunnel >convert to custom tunnel >network edit : then i have to change
REmote Gateway : to Dailup user
authentication : aggressive
update and save ..
and the rest no need for anything else to change here ?
second site B fortiguard DDNS should be disabled no need as long as ,it will be dial up .
then :change to
remote gateway : siteA DDNS
update and save ..
no need for anything else ?
if that's all what i need , then i will give it a try and feedback u ASAP .
--------------------------------
Created on 05-04-2024 09:40 PM Edited on 05-04-2024 09:41 PM
If you want to use GUI, follow below. It's custom set up on both side. The key is 1) both sides are "mode: aggressive". And at least the client side(B) needs "local id" and server side(A) needs the matching "peer id".
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dialup-VPN-Configuration-Between-Two-Forti...
But this KB is not showing how to set up FQDN in the phase1-interface config. But I assume you already know how to do that part in CLI.
Then you need to start sending packets from LAN side of site-B toward the LAN side of site-A to bring up the tunnel.
If it still doesn't come up, you need to run debug "diag debug app ike -1" in CLI then "diag debug enable" to start showing the output on the screen.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.