gerbargain.blogg.se

Fortigate debug ipsec
Fortigate debug ipsec




If not something like this should be helpful In testing you should verify whether the Cisco has a default route in its routing table. I am not clear whether the Cisco will learn and use a default route from its DHCP negotiation with the ISP. I also note that you do not have any routing statements (no static routes and no dynamic routing).

fortigate debug ipsec

You should configure an IP address for vlan 1 to be in that network. But there is nothing configured on the Cisco about that network. The most important is that you indicate that the Fortinet expects the remote subnet to be 192.168.70.0. But there are more important issues that you need to address. I agree with Pauwen that the lack of configuration of address translation may be an issue. Please see attached config file for cisco 800. On int f4 (WAN interface) I have ip add DHCP configured.Īll the other interface seem to be layer 2 and cannot configure ip address. The cisco 800 will be connected at home behind the ISP modem.So it will get a DHCP ip address I presume. On cisco 800 side we have tried to follow the steps from Cisco documents but we were not able to make it work. The reason why it has been done like that is to allow users to have the Cisco 800 and travel with that anywhere and he ip address will keep on changing.įortigate_100F # show vpn ipsec phase1-interfaceįortigate_100F # show vpn ipsec phase2-interface

fortigate debug ipsec

Also we are allowing any traffic to come in on Fortinet for testing purposes and it is set in such a way that it will only allow connection when there is a request from the other device and in this case it is Cisco 800. I am trying to do an ipsec VPN from a Fortinet Firewall to a Cisco 800 series router.






Fortigate debug ipsec