ciscokid1903
New Contributor

FortiGate to Draytek Vigor IPSEC VPN

Hi, I am trying to set up an IPsec VPN between my FortiGates and a Draytek Vigor. I've created the phase one and phase two on the FortiGates as I have done for other IPsec VPNs (ones connected to other FortiGates) so this side looks OK. I've set up the Draytek using the guide on their website but am having no luck bringing up the tunnel. Does anyone have any guides on this setup? Has anyone done anything similar with a FortiGate to a third-party firewall? Any help would be much appreciated. Thanks
abelio
Valued Contributor

hello, there's an old article for this: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=10489&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=11515798&stateId=0%200%2011517495 I guess that the more relevant part is the limitation list:

DRAYTEK configuration
model vigor2600 annex A, firmware version: v2.5_UK
- MAIN MODE ONLY (cannot be configured)
- DH2 only (cannot be configured)
- MD5 hash function only (cannot be configured)
- phase 2 key life is per default 3600 sec (cannot be configured)
- not NAT traversal compliant
- not DPD compliant

Maybe by adjusting the FTG side to those restrictions, you can be lucky.

regards / Abel
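
Added example (not from the thread or the KB article): a small Python check that compares a FortiGate tunnel configuration against the restriction list in the reply above and reports which keywords differ. The FortiOS keyword mapping, the sample config and its tunnel names are constructed assumptions; a setting absent from the config is reported as `unset` because the firmware default then applies, and several offered proposals or DH groups count as a match when one of them fits.

```python
import re

# Peer restrictions from the limitation list above, keyed by FortiOS CLI keyword.
PEER_LIMITS = [
    ("phase1", "mode", "main", "exact"),
    ("phase1", "dhgrp", "2", "offered"),
    ("phase1", "proposal", "md5", "hash"),
    ("phase1", "nattraversal", "disable", "exact"),
    ("phase1", "dpd", "disable", "exact"),
    ("phase2", "keylifeseconds", "3600", "exact"),
]
RULES = {
    "exact": lambda vals, want: vals == [want],
    "offered": lambda vals, want: want in vals,  # one of several offered groups
    "hash": lambda vals, want: any(v.endswith("-" + want) for v in vals),
}

# Constructed sample config (one tunnel), not taken from the thread.
SAMPLE_CONFIG = """
config vpn ipsec phase1-interface
    edit "to-draytek"
        set mode aggressive
        set proposal aes128-sha256 3des-md5
        set dhgrp 14 5
        set dpd on-idle
    next
end
config vpn ipsec phase2-interface
    edit "to-draytek-p2"
        set keylifeseconds 43200
    next
end
"""

def check(config_text):
    """Return {(section, keyword): 'ok' | 'differs' | 'unset'} for one tunnel."""
    sections, current = {}, None
    for line in map(str.strip, config_text.splitlines()):
        if m := re.match(r"config vpn ipsec (phase[12])-interface$", line):
            current = sections.setdefault(m.group(1), {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            current[line.split()[1]] = [v.strip('"') for v in line.split()[2:]]
    report = {}
    for section, key, want, rule in PEER_LIMITS:
        vals = sections.get(section, {}).get(key)  # None: firmware default applies
        ok = vals is not None and RULES[rule](vals, want)
        report[(section, key)] = "unset" if vals is None else "ok" if ok else "differs"
    return report
```

Calling `check(SAMPLE_CONFIG)` flags mode, dhgrp, dpd and keylifeseconds as `differs`, the phase 1 proposal as `ok` (one offered proposal uses MD5) and nattraversal as `unset`.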
ciscokid1903
New Contributor

Thanks for this Abel, I will try out those settings. Do you know if rules need to be configured on the Draytek firewall to allow the IPsec traffic?
ciscokid1903
New Contributor

Eventually got this working, just had to try a few settings. One of the ones to note is to enable the Dead Peer Detection on the FortiGate and also enable perfect forward secrecy on the phase 2 settings on both ends.