Description | This article provides a replica of a functional configuration for a site-to-site VPN that consistently encounters issues in both Phase 1 and Phase 2 negotiations when connecting between SonicWall and a FortiGate connected behind CGNAT Starlink. |
Scope | FortiOS, FortiGate, SonicWall, CGNAT Starlink. |
Solution |
First, make sure that the basic configuration matches on both sides, using this article.
If the basic configuration from the above article does not bring the IPsec tunnel up, the following changes must be made on both sides of the tunnel:
Test the tunnel. If the tunnel still shows offline, refer to this article to enable MTU override and disable Anti-Replay: Technical Tip: Explaining IPsec Anti-replay and preventing packet drops. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.