Site-to-Site with ASA and FortiGate

scottsassin
Level 1

I have set up a site-to-site VPN between my ASA and the customer's FortiGate. The tunnel comes up successfully, but we can't pass traffic. When I do a packet capture on my ASA, I see the traffic on the ingress port as normal, but on the egress port, the source address gets NAT'd. I have checked all the NAT statements, and there is a NAT Exempt statement from the ingress port to the egress port, and in the VPN configuration, 

Accepted Solution

Then your order of the NAT statements is probably wrong. The dynamic NAT for the outgoing traffic has to be at the end (I always put them in Section 3), while the Exemption has to be at the beginning of Section 1.
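The ordering described in the accepted answer, as an added ASA configuration example that is not part of the original thread. The interface names (`inside`, `outside`), object names and subnets are constructed placeholders, not values from the poster's firewall.

```text
! Constructed objects for the local and remote protected networks
object network LOCAL-LAN
 subnet 10.10.10.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.50.0 255.255.255.0

! --- Problem ordering ------------------------------------------------
! Both rules are manual NAT in Section 1 and are evaluated top-down.
! The dynamic PAT rule matches first, so VPN-bound packets leave with
! the outside interface address as source and no longer match the
! crypto ACL, even though the tunnel itself is up.
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN

! --- Corrected ordering ----------------------------------------------
! Remove the Section 1 dynamic rule.
no nat (inside,outside) source dynamic any interface

! NAT exemption (identity NAT) pinned to line 1 of Section 1.
nat (inside,outside) 1 source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup

! Dynamic PAT for all other outbound traffic moved to Section 3
! with the after-auto keyword, so it is evaluated last.
nat (inside,outside) after-auto source dynamic any interface

! --- Verification ----------------------------------------------------
! List rules by section and line number with hit counters.
show nat detail

! Simulate a VPN-bound packet; the UN-NAT/NAT phases should show the
! static identity rule and the final phase should be VPN encrypt.
packet-tracer input inside icmp 10.10.10.10 8 0 192.168.50.10 detailed
```

If `packet-tracer` still reports a dynamic translation for this flow, another Section 1 or Section 2 (object NAT) rule is matching ahead of the exemption and needs the same treatment.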