Solved

Site-to site VPN fortigate and cisco router

Posted on 2015-02-06
3
2,126 Views
Last Modified: 2015-02-07
Hello;
How can i configure site-to site IPSEC VPN between fortigate (dynamic IP) and Cisco router(static IP)?
0
Comment
Question by:PMCCCC
3 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40595553
key is to ensure the IPSec phase 1 and 2 setting are same in Fortigate and Cisco, you can check out the Dynamic IP (you need an account from the dynamic dns service subscribed) in guide and note this
IPsec VPN expects an IP address for each end of the VPN tunnel. All configuration and communication with that tunnel depends on the IP addresses as reference points. However, when the interface the tunnel is on has DDNS enabled there is no set IP address. The remote end of the VPN tunnel now needs another way to reference your end of the VPN tunnel. This is accomplished using Local ID.
(See Dynamic DNS over VPN section and the later section on an example for Branch 1 using static and Branch 2 for Dynamic) http://docs.fortinet.com/uploaded/files/1881/fortigate-ipsec-52.pdf

However, the above example is Fortigate at both each end, hence you can catch how to configure Cisco router (see R1) to pt to a Dynamic VPN device (example stated R2 and R3) in this. The key pt to note is use of "crypto isakmp key <Secret> address 0.0.0.0 0.0.0.0"  to define the remote as Dynamic
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/936-cisco-router-vpn-dynamic-endpoint.html

For interest, the below example is doing static part of Cisco and Fortigate. The GUI flow is useful
http://blog.webernetz.net/2015/02/02/ipsec-site-to-site-vpn-fortigate-cisco-router/
0
 

Author Comment

by:PMCCCC
ID: 40595598
Thanks btan that was very helpful.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question