cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

568
Views
0
Helpful
3
Replies
Highlighted
Beginner

Issues with IPsec Tunnel cisco asa vs fortigate

Hi guys

 

I got a situation with an IPsec Tunnel and i don't know what else I need do, this is the situation:

 

I already configured a VPN Tunnel between my Cisco ASA and a Fortigate 100D everything is up (Phase 1 and Phase 2), this tunnel was created because we need to monitor 5 devices (couple of switches and a call manager) the devices that we already monitoring are the Switch Core (10.0.5.20) and the Call Manager (10.0.5.21) (the IPs are not the real ones is just for information) but we got problems trying to reach 3 Switches that are on a different network (10.0.1.x) 

 

When i send a ping from my server (172.26.5.80) to one of the devices let's say 10.0.1.5 I see that the packet reach the Cisco asa and send it through the Tunnel but on the Fortigate side they don't see anything they only see the request to the IPs 10.0.5.20 and .21

 

If I execute the ping backwards i mean from the 10.0.1.5 to my server 172.26.5.80 it doesn't respond until i execute a ping from my server to the switch looks like it's waiting to see the communication open on the Tunnel

 

About the configuration on both sides we already checked and everything looks good.

 

I hope all of you understand what i tried to explain.

 

Regards

3 REPLIES 3
Highlighted
Participant

Re: Issues with IPsec Tunnel cisco asa vs fortigate

For verification on the ASA, you could run CLI packet tracer to confirm that the config is good:

packet tracer input inside icmp source-ip 8 0 dest-ip det

Regards,

Azam

Highlighted
Beginner

Re: Issues with IPsec Tunnel cisco asa vs fortigate

I think i found the issue, on the Fortinet side the admin was using "named address" something like object groups and this can cause some issues in the VPN crypto map. I'm asking to the admin to change the "named address" to the IP address. I will let you know how it goes.

 

Regards

Highlighted
Participant

Re: Issues with IPsec Tunnel cisco asa vs fortigate

hope it works, I only have knowledge of the ASA, not Fortigate

regards, mk