Hello, I am trying to establish a site-to-site IPsec VPN from a Cisco 1121 (IOS XE) to a Fortigate, but I keep getting a mismatch. To use a separate zone for the VPN tunnel in the zone-based firewall on the Cisco router, I am using route-based VPN. (Th...
Communication issues - ikev1 vpn Cisco IOS <-> Fortigate
I configured an ikev1 tunnel between Cisco IOS and Fortigate. The tunnel comes up but communication only works after a client of the remote site (cisco) initiated some traffic. As you can see in t...
Hi guys,
I have to realise the following situation and need some help.
I would like to use the same Tunnel interface on the hubs for all spokes.
When I check the "sh run int tun1" on both sites it shows up up but it also shows up up if I configu...
I have some routing problems with my Cisco ASA. IPsec VPN is up and running but my ASA sends all packets for the remote network back to the switch instead of into the ipsec vpn. IPsec session only shows Rx but zero Tx... Switch routing: S* 0.0.0....
I have a Cisco 867VAE with an IPsec to my Cisco ASA. Because the network (192.168.10.0/24) is already used on my site (ASA) I have to NAT the entire network to 172.19.66.0/24 for the communication through the ipsec. As soon as I add the static NAT 19...
Thanks to both of you. The crypto map was a copy & paste mistake from an older config.
These two commands in Tunnel0 did the trick.
ip unnumbered GigabitEthernet0/0/0
tunnel protection ipsec policy ipv4 CACL
Thanks for your help MHM. The documentation you shared is for older releases.
I spoke to support about it, here is the summary.
I was using group address objects in Fortigate's phase2-interface local and remote network, which is supported according to ...
Yes, the Cisco config is policy-based and I also tried route-based.
I think I found the problem, by trial and error principle.... On Fortigate in Phase 2 we are using a group object for source network (set src-name) and as soon as I replaced it with a sing...
Thanks for your time. I watched the video. The VPN interfaces in the policies are there because Fortigate is using route-based VPN by default. Currently I have a rule that allows any traffic on any interfaces until I'm able to solve this problem. I al...