I have a problem as per subject line.
I'm trying to configure a VPN tunnel between two offices. One side has a Cisco ASA 5505 (London); the other one is configured with a Fortigate 60B (Hong Kong).
I followed a few instructions and managed to get the tunnel up and running. I can ping any PC/Server in Hong Kong from London but not the other way around. I've done a trace route test and it looks like the Fortigate is trying to send the data through the public network rather than as encrypted traffic. The first hop that I can see goes to the Public Gateway.
I followed this: http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&externalId=13574
to configure the Fortigate. I have tried both policy-based as well as route-based VPN configuration. No luck either way.
I have attached Fortigate configuration:
access-list outside_1_cryptomap extended permit ip 192.168.16.0 255.255.255.0 10.168.20.0 255.255.252.0
access-list inside_nat0_outbound extended permit ip 192.168.16.0 255.255.255.0 10.168.20.0 255.255.252.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer Hong Kong IP
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
tunnel-group Hong Kong IP type ipsec-l2l
tunnel-group Hong Kong IP ipsec-attributes
Is my assumption right that it is the Fortigate that is missing some extra line of code somewhere?
Can anyone help please?