
Fortigate site-to-site VPN

As a network engineer, I may need to connect different branches so that they can securely use resources such as file server, web server and SharePoint services. In this lab, I will demonstrate site-to-site VPN with two Fortinet firewalls and one Cisco ASA firewall. This is the topology that I used for this lab.

Step 1. Initial configuration

Step 2. Fortinet VPN configuration

Step 3. Another site configuration

Step 4. Test VPN connection

Step 5. Fortigate - Cisco ASA VPN connection

Step 6. Cisco ASA VPN configuration

Step 7. Test VPN connection

Step 8. Troubleshooting

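!!fortigate diagnose IPSec
=======================================
!! enable verbose IKE debug output
diagnose debug application ike -1
diagnose debug enable
!! restarts the IKE daemon, so every IPSec tunnel on the unit renegotiates
diagnose vpn ike restart

!! when finished, clear the debug settings and stop the output
diagnose debug reset
diagnose debug disable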

In conclusion, the VPN implementations above cover two vendor combinations: Fortigate-to-Fortigate and Fortigate-to-Cisco ASA. A VPN connection between two Fortigate units is straightforward; a Cisco ASA-to-Fortigate VPN connection, however, needs more attention than the first implementation with regard to IPSec, encryption, Diffie-Hellman group, authentication method, etc.
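
The parameter matching mentioned in the conclusion can be checked before the tunnel is brought up. The following is an added example, not part of the original lab: it compares the phase 1 settings of a Fortigate and a Cisco ASA and lists the parameters for which the two peers share no value. It assumes IKEv2 and proposals written as `aes256-sha256`; the sample configs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample configs; names and values are assumptions, not the lab's.
FORTIGATE_P1 = """\
config vpn ipsec phase1-interface
    edit "to-asa"
        set ike-version 2
        set proposal aes256-sha256 aes128-sha1
        set dhgrp 14
    next
end
"""
ASA_IKEV2 = """\
crypto ikev2 policy 10
 encryption aes-256
 integrity sha256
 group 5
"""
# ASA spellings that differ from FortiOS once hyphens are removed.
ASA_ALIASES = {"aes": "aes128", "sha": "sha1"}

def parse_fortigate(text):
    """Return ({(encryption, integrity), ...}, {dh groups}) from FortiOS 'set' lines."""
    kv = dict(re.findall(r"^\s*set (\S+) (.+?)\s*$", text, re.M))
    proposals = kv.get("proposal", "").split()
    pairs = {tuple(p.split("-", 1)) for p in proposals if "-" in p}
    return pairs, set(kv.get("dhgrp", "").split())

def parse_asa(text):
    """Return (encryption set, integrity set, dh set) from an ASA ikev2 policy."""
    def values(keyword):
        m = re.search(rf"^\s*{keyword} (.+?)\s*$", text, re.M)
        words = m.group(1).split() if m else []
        return {ASA_ALIASES.get(w, w.replace("-", "")) for w in words}
    return values("encryption"), values("integrity"), values("group")

def mismatches(fgt_text, asa_text):
    """List the phase 1 parameters for which the two peers share no value."""
    pairs, fgt_dh = parse_fortigate(fgt_text)
    asa_enc, asa_int, asa_dh = parse_asa(asa_text)
    problems = []
    if not any(e in asa_enc and i in asa_int for e, i in pairs):
        problems.append("encryption/integrity")
    if not fgt_dh & asa_dh:
        problems.append("dh_group")
    return problems

if __name__ == "__main__":
    print(mismatches(FORTIGATE_P1, ASA_IKEV2))  # ['dh_group']
```

An empty list means at least one encryption/integrity pair and one Diffie-Hellman group are common to both sides; the pre-shared key and the phase 2 selectors still have to be compared separately.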
