
VPN site-to-site between Cisco ASA5525 and Fortigate 60D

ttt123us
Level 1

Hi,

My site-to-site VPN between Cisco ASA5525 (Site1) and Fortigate 60D (Site2) is established; all servers and clients of the 2 sites can connect to each other without any error.

The problem is: from the Fortigate, I could not set up an LDAP authentication connection with a server located on Site1; error: Could not contact with LDAP server...

I tried to ping the LDAP server and clients on Site1; it failed.

From the ASA5525 on Site1, I also could not ping the Fortigate 60D or clients on Site2.

Anyone can help would be appreciated.

Many thanks.


Hi

Let's try to help, at least on the Cisco part. Do you have sysopt enabled on the ASA, or are you using a VPN filter?

I'm assuming that you probably need to permit something for this traffic.

When you say that from the ASA you cannot ping a host on Site 2, this is the expected behavior. The traffic to be tunneled is the traffic behind the firewall, not the traffic generated on the firewall.

Make sure you have all the required networks in your policies.

-If I helped you somehow, please, rate it as useful.-
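The reply's point that only traffic behind the firewall is tunneled comes down to the IPsec selectors on each side: a flow sourced from a firewall's own interface address can fall outside them. The following added checker (not from this thread; every address and ACL line in it is constructed) parses sample ASA crypto-ACL lines and tests whether a given source and the Site1 LDAP server fall inside both the ASA and the FortiGate selectors.

```python
"""Added example (not from the thread): check whether a flow lies inside both peers'
IPsec selectors (ASA crypto ACL, FortiGate phase2 subnets). Addresses are constructed."""
import ipaddress
from typing import List, Tuple

Net = ipaddress.IPv4Network
Selector = Tuple[Net, Net]  # (local network, remote network), from the owner's view

def _take_net(tok: List[str], i: int) -> Tuple[Net, int]:
    """Consume 'host A' or 'A MASK' at tok[i]; return the network and the next index."""
    if tok[i] == "host":
        return Net(tok[i + 1] + "/32"), i + 2
    return Net(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2

def parse_asa_crypto_acl(lines: List[str]) -> List[Selector]:
    """Extract (local, remote) pairs from ASA 'access-list ... extended permit ip' lines."""
    sels = []
    for line in lines:
        tok = line.split()
        if len(tok) < 9 or tok[0] != "access-list" or tok[3:5] != ["permit", "ip"]:
            continue  # remarks, non-IP entries and interface ACLs are not selectors
        local, i = _take_net(tok, 5)
        remote, _ = _take_net(tok, i)
        sels.append((local, remote))
    return sels

def flow_covered(src: str, dst: str, asa: List[Selector], fgt: List[Selector]) -> Tuple[bool, bool]:
    """For a Site2 -> Site1 flow, report whether each peer's selectors include it.
    ASA selectors are written from Site1's view and FortiGate's from Site2's, so the
    flow is matched as (dst, src) on the ASA and as (src, dst) on the FortiGate."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    on_asa = any(d in local and s in remote for local, remote in asa)
    on_fgt = any(s in local and d in remote for local, remote in fgt)
    return on_asa, on_fgt

# Constructed sample: Site1 (ASA) LAN 10.1.0.0/16, Site2 (FortiGate) LAN 10.2.0.0/16.
ASA_CONFIG = [
    "access-list VPN-SITE2 extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0",
    "access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq 443",
]
FGT_PHASE2 = [(Net("10.2.0.0/16"), Net("10.1.0.0/16"))]  # set src-subnet / set dst-subnet
LDAP_SERVER = "10.1.1.10"  # sample LDAP server on Site1

if __name__ == "__main__":
    asa = parse_asa_crypto_acl(ASA_CONFIG)
    # A Site2 LAN client is inside both selectors; a query the FortiGate sends from
    # its WAN address is inside neither, so it never enters the tunnel.
    for src in ("10.2.10.5", "198.51.100.2"):
        print(src, "->", LDAP_SERVER, flow_covered(src, LDAP_SERVER, asa, FGT_PHASE2))
```

If the FortiGate's LDAP query is sourced from an address the selectors do not include, the same check shows it (False, False); that is the kind of gap the reply means by "required networks in your policies".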

Hi,

This is my sysopt result:

no sysopt connection timewait
sysopt connection tcpmss 0
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
no sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp outside
no sysopt noproxyarp inside
sysopt noproxyarp management
no sysopt noproxyarp Viettel
no sysopt noproxyarp ViettelFTTH

I don't know if anything is wrong. All interfaces are disabled except inside and outside.

Thanks.

Deepak Kumar
VIP Alumni

Hello,

On the FortiGate, which type of VPN is configured: S2S or Dial-up? My suggestion is to configure the correct policy on the FortiGate firewall.

If the VPN seems up but there is no data on the VPN tunnel, then please verify the VPN tunnel on both ends and the routing table on the FortiGate.

Make sure you are not missing any ACL on the ASA or policy on the FortiGate.

Regards,

Deepak Kumar

Hi,

My VPN is site-to-site, not dial-up. All is working well, except from the firewalls.

Quite strange.

Thanks.