?
Solved

Site-to site VPN fortigate and cisco router

Posted on 2015-02-06
3
Medium Priority
?
2,510 Views
Last Modified: 2015-02-07
Hello;
How can i configure site-to site IPSEC VPN between fortigate (dynamic IP) and Cisco router(static IP)?
0
Comment
Question by:PMCCCC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 40595553
key is to ensure the IPSec phase 1 and 2 setting are same in Fortigate and Cisco, you can check out the Dynamic IP (you need an account from the dynamic dns service subscribed) in guide and note this
IPsec VPN expects an IP address for each end of the VPN tunnel. All configuration and communication with that tunnel depends on the IP addresses as reference points. However, when the interface the tunnel is on has DDNS enabled there is no set IP address. The remote end of the VPN tunnel now needs another way to reference your end of the VPN tunnel. This is accomplished using Local ID.
(See Dynamic DNS over VPN section and the later section on an example for Branch 1 using static and Branch 2 for Dynamic) http://docs.fortinet.com/uploaded/files/1881/fortigate-ipsec-52.pdf

However, the above example is Fortigate at both each end, hence you can catch how to configure Cisco router (see R1) to pt to a Dynamic VPN device (example stated R2 and R3) in this. The key pt to note is use of "crypto isakmp key <Secret> address 0.0.0.0 0.0.0.0"  to define the remote as Dynamic
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/936-cisco-router-vpn-dynamic-endpoint.html

For interest, the below example is doing static part of Cisco and Fortigate. The GUI flow is useful
http://blog.webernetz.net/2015/02/02/ipsec-site-to-site-vpn-fortigate-cisco-router/
0
 

Author Comment

by:PMCCCC
ID: 40595598
Thanks btan that was very helpful.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses
Course of the Month15 days, 10 hours left to enroll

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question