I have a pair of Fortigate 60 3.0 MR7 Patch 2. I have set up a site to
site IPSec VPN between them. The tunnel works. If I restart one of the
routers then one or both of the routers are unable to bring up the
tunnel until the phase 1 keylife expires ...

Look in the KB for IPSec Overlapping Subnets. For source NAT you'll be
only doing the instructions on one side. Policy VPN will map many to few
or many to one easily. I've not used route VPN much to know if it is
just as versatile. SNAT is also han...

ORIGINAL: johns99 I think the FGT proxy group implementation is buggy
With IPSec groups and names it's possible to FUBAR the internal
configuration so bad that only a factory reset will fix it. The only
fault of separate phase 2 is that it uses more...

ORIGINAL: johns99 If the ASA-5520 is the initiator, it comes up for a
few seconds and then renegotiates Phase 2 (interrupting the tunnel) over
and over again. The two sides may not be equal. Sometimes the responder
adjusts the parameters to what the ...

I have managed to set up communications for tunnels using private ranges
but those with public ranges are not working. Any router that supports
VPN easily handles private IP to private IP tunnels that do not overlap.
You won't find a router anywhere th...

Your log shows nothing except that the Cisco refused the phase 2. The
Cisco log will show the reason why. The log of the tunnel receiver is
useful. The log of the tunnel initiator is not. Get the Cisco log read
or have the Cisco initiate the tunnel.