I have a pair of Fortigate 60 3.0 MR7 Patch 2. I have set up a site to
site IPSec VPN between them. The tunnel works. If I restart one of the
routers then one or both of the routers are unable to bring up the
tunnel until the phase 1 keylife expires ...
Sounds you' re trying to run a server behind a dual WAN and want the
server to be available to both WAN simultaneously. For some reason the
servers internal to the Fortigate know how to return packets to the same
interface they came from. Return pack...
Look in the KB for IPSec Overlapping Subnets. For source NAT you' ll be
only doing the instructions on one side. Policy VPN will map many to few
or many to one easily. I' ve not used route VPN much to know if it is
just as versatile. SNAT is also han...
ORIGINAL: johns99 I think the FGT proxy group implementation is buggy
With IPSec groups and names it' s possible to FUBAR the internal
configuration so bad that only a factory reset will fix it. The only
fault of separate phase 2 is that it uses more...
ORIGINAL: johns99 If the ASA-5520 is the initiator, it comes up for a
few seconds and then renegotiates Phase 2 (interrupting the tunnel) over
and over again. The two sides may not be equal. Sometimes the responder
adjusts the parameters to what the ...
I have managed to setup commnications for tunnels using private ranges
but those with public ranges are not working.Any router that supports
VPN easily handles private IP to private IP tunnels that do not overlap.
You won' t find a router anywhere th...
