Hello, I am looking for the correct configuration for the FortiGate to
allow the Cisco NAT-T. I have one Cisco router behind the FortiGate and
I cannot get the Phase 1 up; it keeps retransmitting, and I am unsure what
"passthrough" I need for the FortiGate...
Hello everyone, new here. New to FortiGate also. I am having a major issue
getting a site to site VPN up, but first I would like you to tell me: how do
you ping the other gateway from the Forti CLI? I see ping option but I
don't get it execute ping-options so...
Hello Ken. Yes it was, but I don't have the Cisco coded for pfs.
crypto ipsec transform-set TS esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile VTI
 set security-association lifetime seconds 86400
 set transform-set TS
but I removed it
ISR4221#s...
Here it is
FORTIGATE # diag vpn ike gateway list
vd: root/0
name: TestToCisco
version: 1
interface: wan1 7
addr: 73.107.235.45:500 -> 50.250.102.118:500
created: 25s ago
IKE SA: created 1/1 established 1/1 time 100/100/100 ms
IPsec SA: created 0/6
id/s...
Cisco still complaining about phase 2. Here is latest debug on p1 errors
ISR4221#debug crypto isakmp error
Crypto ISAKMP Error debugging is on
ISR4221#
ISR4221#
ISR4221#
ISR4221#
ISR4221#
ISR4221#
*Mar 26 17:49:40.105: ISAKMP-ERROR: (1332):deleting n...
Here is the debug. What is the pfs there (perfect forward secret) but I
have this turned off on both boxes. It is seeing pfs DH 5 and
complaining about it.
FORTIGATE # ike 0:TestToCisco:TestToCisco: IPsec SA connect 7 73.107.235.45->50.250.102.118:0 ...