Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jomfra
New Contributor

Created on ‎10-20-2022 10:02 AM

where to input the remote identier in FortiGate.

Hello Expert,

 

I have configure  a "vpn"  tunnel between FortiGate 80F a Palto Alto device.

The wan interface of the Palto Alto device is using private ip address for the wan interface because the another device on the network is use for full internet access

 

The public ip address is 81.135.253.181

        private ip addess 192.168.190.2           (remote identier)

 

 I do not know where in fortigate I must input this ip address

 

Labels:
1530
0 Kudos
1 Solution
pminarik
Staff
Staff

Created on ‎11-07-2022 02:15 AM

Assuming you're setting it up as a site-to-site tunnel (type=static; not a dialup/dynamic hub), and are using PSK authentication (based on the screenshots you posted).

 

1, If you want to set which ID the FortiGate should accept:

This is not configurable. With PSK authentication and site-to-site tunnel, the FortiGate does not check the other side's ID. Anything is accepted. You merely need to ensure that the remote-gw IP is the actual public IP from which the other side's packets will come.

 

2, If you want ot set which ID the FortiGate should send to the other side:

config vpn ipsec phase1-interface
    edit "<your-tunnel-name>"
        set localid-type address #IP address format; or any other as desired
        set localid <IP address>
end

 

 

[ corrections always welcome ]

View solution in original post

1438
0 Kudos
7 REPLIES 7
FortiMax_it
Contributor

Created on ‎10-21-2022 12:24 AM

Hi, here:

FortiMax_it_0-1666336786857.png


For more details edit the VPN via CLI: config vpn ipsec phase1-interface

1515
0 Kudos
jomfra
New Contributor
In response to FortiMax_it

Created on ‎10-23-2022 02:34 AM

Hello Expert,

 

Sorry for the tardy response but I am vacation hence will test your proposal when I return.

Will revert with an update later

 

Regards

1509
0 Kudos
jomfra
New Contributor
In response to FortiMax_it

Created on ‎11-06-2022 07:50 AM

Hello FortiMax_it

 

Sorry for the late response I was on vacation  i using the following version 

jomfra_0-1667748682786.png

 

jomfra_1-1667749524444.png

I am only getting the peer id option if I using  ike v1 but ike v2 is required for vpn connection to palo Alto

 

jomfra_3-1667749738110.png

Unsure how to get the peer id option when using ike v2

 

Regards

 

 

1487
0 Kudos
FortiMax_it
Contributor
In response to jomfra

Created on ‎11-06-2022 08:10 AM Edited on ‎11-06-2022 08:50 AM

Hi, no problem. I have firmware 6.2.12 but nothing should change. If you select Dialup User as the Remote gateway, the peer-id always remains visible.

FortiMax_it_0-1667750956204.pngFortiMax_it_1-1667750974924.png

 

1486
0 Kudos
jomfra
New Contributor
In response to FortiMax_it

Created on ‎11-06-2022 01:51 PM

Hello FortiMax,

 I am unsure why we have to select Dialup User as the Remote gateway, I have created an ipsec vpn from Fortigate to Palo alto .

I would like to send the Fortigate configs to you but I am not seeing any option on the portal to allow upload of a file.

Could assist in the regard.

 

Thank you

1465
0 Kudos
pminarik
Staff
Staff

Created on ‎11-07-2022 02:15 AM

Assuming you're setting it up as a site-to-site tunnel (type=static; not a dialup/dynamic hub), and are using PSK authentication (based on the screenshots you posted).

 

1, If you want to set which ID the FortiGate should accept:

This is not configurable. With PSK authentication and site-to-site tunnel, the FortiGate does not check the other side's ID. Anything is accepted. You merely need to ensure that the remote-gw IP is the actual public IP from which the other side's packets will come.

 

2, If you want ot set which ID the FortiGate should send to the other side:

config vpn ipsec phase1-interface
    edit "<your-tunnel-name>"
        set localid-type address #IP address format; or any other as desired
        set localid <IP address>
end

 

 

[ corrections always welcome ]
1439
0 Kudos
jomfra
New Contributor
In response to pminarik

Created on ‎11-08-2022 05:02 AM

Hello Pminarik,

 

Thanks for the clarification.

 

Regards

1427
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.