Site-to-site IPsec VPN from forti OS 4.3.15 to 5.4.1
I'm having trouble setting up a site-to-site VPN tunnel from my HQ site, running forti os 5.4.1, to the remote site, running 4.3.15. It seems that I made the settings similar to my previous VPN tunnels, but it's not working. I was wondering if this is because the v4.3.15 is using tunnel mode, but the v5.4.1 is using interface mode. Is it possible to change v5.4.1 to tunnel mode, or to change v4.3.15 to interface mode? The most urgent issue is to know whether these two versions can successfully make a site-to-site IPsec VPN tunnel between them.
We were running 4.3 until about 3 years ago. But at that time we were using interface mode IPSecs. You should be able to set it up an interface mode IPsec on that unit and connect it to the other FG. But eventually you want to upgrade the 4.3 FG to 5.2 or 5.4.
To answer your question: both kinds of VPN setup can communicate with each other kind. Troubleshooting is much easier with Interface mode though, so I'd recommend you re-create the 4.3 VPN in Interface Mode. When creating phase1, there is a checkbox on top for this. You can only change the setting until you hit OK for the first time.
Make sure your Quick Mode selectors are correct on both sides, preferably not wildcards (0.0.0.0/0) but even that would work...
If it doesn't work right away please post the config (text form, from CLI) and then we can further debug the connection setup.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.