Solved

Site-to site VPN fortigate and cisco router

Posted on 2015-02-06
3
2,030 Views
Last Modified: 2015-02-07
Hello;
How can i configure site-to site IPSEC VPN between fortigate (dynamic IP) and Cisco router(static IP)?
0
Comment
Question by:PMCCCC
3 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40595553
key is to ensure the IPSec phase 1 and 2 setting are same in Fortigate and Cisco, you can check out the Dynamic IP (you need an account from the dynamic dns service subscribed) in guide and note this
IPsec VPN expects an IP address for each end of the VPN tunnel. All configuration and communication with that tunnel depends on the IP addresses as reference points. However, when the interface the tunnel is on has DDNS enabled there is no set IP address. The remote end of the VPN tunnel now needs another way to reference your end of the VPN tunnel. This is accomplished using Local ID.
(See Dynamic DNS over VPN section and the later section on an example for Branch 1 using static and Branch 2 for Dynamic) http://docs.fortinet.com/uploaded/files/1881/fortigate-ipsec-52.pdf

However, the above example is Fortigate at both each end, hence you can catch how to configure Cisco router (see R1) to pt to a Dynamic VPN device (example stated R2 and R3) in this. The key pt to note is use of "crypto isakmp key <Secret> address 0.0.0.0 0.0.0.0"  to define the remote as Dynamic
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/936-cisco-router-vpn-dynamic-endpoint.html

For interest, the below example is doing static part of Cisco and Fortigate. The GUI flow is useful
http://blog.webernetz.net/2015/02/02/ipsec-site-to-site-vpn-fortigate-cisco-router/
0
 

Author Comment

by:PMCCCC
ID: 40595598
Thanks btan that was very helpful.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question