Hello Expert,
I have configure a "vpn" tunnel between FortiGate 80F a Palto Alto device.
The wan interface of the Palto Alto device is using private ip address for the wan interface because the another device on the network is use for full internet access
The public ip address is 81.135.253.181
private ip addess 192.168.190.2 (remote identier)
I do not know where in fortigate I must input this ip address
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Assuming you're setting it up as a site-to-site tunnel (type=static; not a dialup/dynamic hub), and are using PSK authentication (based on the screenshots you posted).
1, If you want to set which ID the FortiGate should accept:
This is not configurable. With PSK authentication and site-to-site tunnel, the FortiGate does not check the other side's ID. Anything is accepted. You merely need to ensure that the remote-gw IP is the actual public IP from which the other side's packets will come.
2, If you want ot set which ID the FortiGate should send to the other side:
config vpn ipsec phase1-interface
edit "<your-tunnel-name>"
set localid-type address #IP address format; or any other as desired
set localid <IP address>
end
Hi, here:
For more details edit the VPN via CLI: config vpn ipsec phase1-interface
Hello Expert,
Sorry for the tardy response but I am vacation hence will test your proposal when I return.
Will revert with an update later
Regards
Hello FortiMax_it
Sorry for the late response I was on vacation i using the following version
I am only getting the peer id option if I using ike v1 but ike v2 is required for vpn connection to palo Alto
Unsure how to get the peer id option when using ike v2
Regards
Created on 11-06-2022 08:10 AM Edited on 11-06-2022 08:50 AM
Hi, no problem. I have firmware 6.2.12 but nothing should change. If you select Dialup User as the Remote gateway, the peer-id always remains visible.
Hello FortiMax,
I am unsure why we have to select Dialup User as the Remote gateway, I have created an ipsec vpn from Fortigate to Palo alto .
I would like to send the Fortigate configs to you but I am not seeing any option on the portal to allow upload of a file.
Could assist in the regard.
Thank you
Assuming you're setting it up as a site-to-site tunnel (type=static; not a dialup/dynamic hub), and are using PSK authentication (based on the screenshots you posted).
1, If you want to set which ID the FortiGate should accept:
This is not configurable. With PSK authentication and site-to-site tunnel, the FortiGate does not check the other side's ID. Anything is accepted. You merely need to ensure that the remote-gw IP is the actual public IP from which the other side's packets will come.
2, If you want ot set which ID the FortiGate should send to the other side:
config vpn ipsec phase1-interface
edit "<your-tunnel-name>"
set localid-type address #IP address format; or any other as desired
set localid <IP address>
end
Hello Pminarik,
Thanks for the clarification.
Regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1011 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.