Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Site-to site VPN fortigate and cisco router

Posted on 2015-02-06
3
Medium Priority
?
2,930 Views
Last Modified: 2015-02-07
Hello;
How can i configure site-to site IPSEC VPN between fortigate (dynamic IP) and Cisco router(static IP)?
0
Comment
Question by:PMCCCC
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40595553
key is to ensure the IPSec phase 1 and 2 setting are same in Fortigate and Cisco, you can check out the Dynamic IP (you need an account from the dynamic dns service subscribed) in guide and note this
IPsec VPN expects an IP address for each end of the VPN tunnel. All configuration and communication with that tunnel depends on the IP addresses as reference points. However, when the interface the tunnel is on has DDNS enabled there is no set IP address. The remote end of the VPN tunnel now needs another way to reference your end of the VPN tunnel. This is accomplished using Local ID.
(See Dynamic DNS over VPN section and the later section on an example for Branch 1 using static and Branch 2 for Dynamic) http://docs.fortinet.com/uploaded/files/1881/fortigate-ipsec-52.pdf

However, the above example is Fortigate at both each end, hence you can catch how to configure Cisco router (see R1) to pt to a Dynamic VPN device (example stated R2 and R3) in this. The key pt to note is use of "crypto isakmp key <Secret> address 0.0.0.0 0.0.0.0"  to define the remote as Dynamic
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/936-cisco-router-vpn-dynamic-endpoint.html

For interest, the below example is doing static part of Cisco and Fortigate. The GUI flow is useful
http://blog.webernetz.net/2015/02/02/ipsec-site-to-site-vpn-fortigate-cisco-router/
0
 

Author Comment

by:PMCCCC
ID: 40595598
Thanks btan that was very helpful.
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month12 days, 1 hour left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question