Communication issues - ikev1 vpn Cisco IOS <-> Fortigate
I configured a ikev1 tunnel between Cisco IOS and Fortigate.The tunnel comes up but communication only works after a client of the remote site (cisco) initiated some traffic.As you can see in t...
Hi guys,
I have to realise the following situation and need some help.
I would like to use the same Tunnel interface on the hubs for all spokes.
When I check the "sh run int tun1" on both sites it shows up up but it also shows up up if I configu...
I have some routing problems with my Cisco ASA. IPsec VPN is up and running but my ASA sends all packets for the remote network back to the switch instead of into the ipsec vpn. IPsec session only shows Rx but zero Tx... Switch routing: S* 0.0.0....
I have a Cisco 867VAE with an IPsec to my Cisco ASA. Because the network (192.168.10.0/24) is already used on my site (ASA) I have to NAT the entire network to 172.19.66.0/24 for the communication through the ipsec. As soon as I add the static NAT 19...
Hello
I try to configure my Router 887VA to automaticly reload if an IP-Adress is not reachable. I tried the following configuration:
--------------------------------------------ROUTER#conf t ROUTER(config)#ip sla 1 ROUTER(config-ip-sla)#icmp-echo 10...
Thanks for your help MHM. The documentation you shared is for older releases.
I spoke to support about it, here is the summary.
I was using group address objects in fortigates phase2-interface local and remote network which is supported according to ...
Yes the cisco config is policy-based and I also tried route-based.
I think I found the problem, by try and error princip....On Fortigate in Phase 2 we are using a group object for source network (set src-name) and as soon as I replaced it with a sing...
Thanks for your time. I watched the video.The vpn interfaces in the policies are there because Fortigate is using route-based vpn by default. Currently I have a rule that allows any traffic on any interfaces until I'm able to solve this problem. I al...
Sorry I missed some lines of the config. Here are the right acl.
Extended IP access list 18010 deny ip 10.183.2.0 0.0.0.255 100.64.0.0 0.0.0.730 deny ip 10.183.2.0 0.0.0.255 172.18.0.0 0.0.255.25540 deny ip 10.183.2.0 0.0.0.255 192.168.201.72 0.0.0.7...
