As a network engineer, I may need to connect different branches so that they can securely use resources such as file server, web server and SharePoint services. In this lab, I will demonstrate site-to-site VPN with two Fortinet firewalls and one Cisco ASA firewall. This is the topology that I used for this lab.
Step 1. Initial configuration
Step 2. Fortinet VPN configuration
Step 3. Another site configuration
Step 4. Test VPN connection
Step 5. Fortigate - Cisco ASA VPN connection
Step 6. Cisco ASA VPN configuration
Step 7. Test VPN connection
Step 8. Troubleshooting
!!fortigate diagnose IPSec
=======================================
diagnose debug application ike -1
diagnose debug enable
diagnose vpn ike restart

diagnose debug reset
diagnose debug disable
In conclusion, the VPN implementations above cover different vendor combinations: Fortigate-to-Fortigate and Fortigate-to-Cisco ASA. A VPN connection between two Fortigates is straightforward; however, a Cisco ASA-to-Fortigate VPN connection needs more attention than the first implementation with regard to IPSec, encryption, Diffie-Hellman group, authentication method, etc.
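The parameter agreement that the Fortigate-to-Cisco ASA case depends on can be checked on paper before either firewall is configured. The following Python sketch is an added example, not part of the original lab; the field names, the alias table and the sample values are assumptions made for illustration.

```python
import ipaddress

# Fields that both IKE peers must agree on exactly (after normalising names).
MUST_MATCH = ("ike_version", "auth_method", "p1_encryption", "p1_hash",
              "p1_dh_group", "p2_encryption", "p2_hash", "pfs_group")

# Vendors spell the same setting differently (e.g. "aes-256" vs "aes256").
ALIASES = {"sha": "sha1", "preshare": "psk", "presharedkey": "psk"}


def norm(value):
    """Lower-case, drop separators, then map known spelling variants."""
    token = str(value).lower().replace("-", "").replace("_", "").replace(" ", "")
    return ALIASES.get(token, token)


def compare_peers(a, b):
    """Return a list of human-readable mismatches between two tunnel endpoints."""
    problems = []
    for field in MUST_MATCH:
        if norm(a[field]) != norm(b[field]):
            problems.append(f"{field}: {a[field]!r} vs {b[field]!r}")
    # Traffic selectors must mirror each other: A's local is B's remote.
    for mine, theirs in (("local_subnet", "remote_subnet"),
                         ("remote_subnet", "local_subnet")):
        if ipaddress.ip_network(a[mine]) != ipaddress.ip_network(b[theirs]):
            problems.append(f"selector: A {mine}={a[mine]} vs B {theirs}={b[theirs]}")
    return problems


# Constructed sample values (RFC 1918 lab subnets), not taken from the lab.
FORTIGATE = {"ike_version": 2, "auth_method": "psk",
             "p1_encryption": "aes256", "p1_hash": "sha256", "p1_dh_group": 14,
             "p2_encryption": "aes256", "p2_hash": "sha256", "pfs_group": 14,
             "local_subnet": "10.1.1.0/24", "remote_subnet": "10.2.2.0/24"}
ASA = {"ike_version": 2, "auth_method": "pre-share",
       "p1_encryption": "aes-256", "p1_hash": "sha256", "p1_dh_group": 5,
       "p2_encryption": "aes-256", "p2_hash": "sha256", "pfs_group": 14,
       "local_subnet": "10.2.2.0/24", "remote_subnet": "10.1.1.0/24"}

if __name__ == "__main__":
    for line in compare_peers(FORTIGATE, ASA) or ["parameters match"]:
        print(line)
```

With the constructed values, only the phase 1 Diffie-Hellman group differs, which is the kind of mismatch that makes the negotiation fail while everything else looks correct.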