Can FG300D support site to site vpn with mikrotik router?
I may need to enable site to site vpn with a 3rd party business network.
they are using mikrotik brand of router with firewall features.
what type of vpn method should i use?
from their website, the following technologies are supported
Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP) Advanced PPP features (MLPPP, BCP) Simple tunnels (IPIP, EoIP) 6to4 tunnel support (IPv6 over IPv4 network) VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support MPLS based VPNs
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
This older forum post ends with a link to a third-party blog which may provide the necessary steps for your situation:
https://forum.fortinet.com/tm.aspx?m=103954
Regards, Chris McMullan Fortinet Ottawa
This older forum post ends with a link to a third-party blog which may provide the necessary steps for your situation:
https://forum.fortinet.com/tm.aspx?m=103954
Regards, Chris McMullan Fortinet Ottawa
kinmun wrote:Can FG300D support site to site vpn with mikrotik router?
I may need to enable site to site vpn with a 3rd party business network.
they are using mikrotik brand of router with firewall features.
what type of vpn method should i use?
from their website, the following technologies are supported
Ipsec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols
Point to point tunneling (OpenVPN, PPTP, PPPoE, L2TP) Advanced PPP features (MLPPP, BCP) Simple tunnels (IPIP, EoIP) 6to4 tunnel support (IPv6 over IPv4 network) VLAN – IEEE802.1q Virtual LAN support, Q-in-Q support MPLS based VPNs
you can use: ipsec tunnel mode, psk, esp,
in the fortigate you must configure ipsec interface mode
will the site-2-site vpn work if the mikrotik side uses dynamic ip using ddns host name instead of static ip address?
must work, i have configured using static ip, you can try using client-server.
my tunnel with the mikrotik router is setup. after the initial testing, where i was able to ping to n fro, i cant do it now. is there something wrong with the setup? i keep seeing the tunnel up down.
the mikrotik is the intiator.
this is the phase 2 config
edit "datacentre" set phase1name "XXXXXX" set proposal aes128-sha1 set dhgrp 5 set keepalive enable set auto-negotiate enable set keylifeseconds 1800 set src-subnet xx.xxx.xx.0 255.255.255.0 set dst-subnet xx.xxx.xx.0 255.255.255.0
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.