Hi all, I'm testing different setups with IPsec Tunnels on a Fortigate
200D. The first tunnel I made is:
    edit "p1-edam"
    set type dynamic
    set interface "wan1"
    set peertype one
    set proposal aes256-md5
    set dpd disable
    set dhgrp 2
    set nattraversal disable
    s...

Hello learned people, please consider this scenario: On a Fortigate 200D
OS v5.4.1 I need to source NAT multiple subnets into one subnet before
going into an IPSec tunnel. e.g. 10.87.1.0/24, 10.92.22.0/24,
10.100.5.0/24 (up to some 70 subnets) need to g...

Hello my learned friends, I have a question: is it possible on a
Fortigate 200D to set up an IPSec tunnel as a responder only? As an
initiator it seems to go about trying to make a connection so
aggressively that it sometimes overwhelms the responding...

Hi all, I have a perfectly normal IPsec tunnel that normally works
fine. However, once in a while the connection gets lost and the Fortigate
goes crazy. Debug shows thousands of quickmode requests. Here is a piece
of debug after I flushed the tunnel on CL...

Hello all. Happy New Year and all the best wishes for 2015. I have a
question about restricting admin access to the Fortigate. I run a
Fortigate 200D version 5.0 patch 7 and need to set up an admin profile
so that our servicedesk people have read-only a...

Ede, it looks like you might be right here. But I also learned that the IKE
mode should be set to Aggressive in order to get the authentication
right. In any case, I switched back to IKE mode Main and use Static IP
Address for the tunnels I needed to set up....

> You can set it as a dialup ( no defined peer ). That will get you as a
> responder function.

Oew, that was scary. I created a single P1 with no
P2's and for a moment it seemed that my internet went down as well as
most of the IPsec tunnels. Better not t...

Hi Ken, I totally agree with you that phase2 is down, but my concern is
that when phase1 goes down (or appears to be up when it is not) the
phase2 floods the system with attempts to connect. And when the p2
request is on the queue: where can I find (the...

Hello Ken, The remote site is a Cisco RV078 or something similar or an
AXA5505 (I am not sure since I do not administer this device. But it is
a Cisco for sure). The FortiOS is v5.0,build3608 (GA Patch 7). I had DPD
enabled and also tried it with disabled...

Hi Gerry, I could be mistaken but I think your WAN Settings put that
address on the subnet boundary, i.e. the subnet address. Have you tried to
put it on x.x.x.89 / 29 to see what it does?