
IPsec Site-to-Site VPN FortiGate <-> Cisco Router

This blog post shows how to configure a site-to-site IPsec VPN between a FortiGate firewall and a Cisco router. The FortiGate is configured via the GUI – the router via the CLI. I am showing the screenshots/listings as well as a few troubleshooting commands.
The VPN tunnel shown here is a route-based tunnel. That is, I do NOT use proxy-ids in phase 2 for the routing decision (which would be policy-based), but tunnel-interfaces and static routes. This applies to both devices.
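What "route-based" looks like on the Cisco side, as an added sketch that is not the author's listing: there is no crypto map and no ACL acting as proxy-id; a tunnel interface carries the IPsec profile and a static route decides what enters the tunnel. IKEv1 with a pre-shared key, all names, the documentation addresses (192.0.2.1 for the router, 198.51.100.1 for the FortiGate, 10.1.0.0/24 behind it), the key placeholder and the crypto parameters are assumptions.

```cisco
! Added example with assumed names, addresses and proposals.
! Phase 1: must match the FortiGate phase 1 proposal exactly.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 28800
!
! Pre-shared key bound to the peer address only, not 0.0.0.0.
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! Phase 2: ESP proposal plus PFS, wrapped in a profile (no crypto map).
crypto ipsec transform-set TS-FORTIGATE esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile PROF-FORTIGATE
 set transform-set TS-FORTIGATE
 set pfs group14
!
! The tunnel interface is the routing target. In this mode the router
! proposes 0.0.0.0/0 <-> 0.0.0.0/0 as phase 2 selectors, so the
! FortiGate phase 2 has to use 0.0.0.0/0 on both sides as well.
interface Tunnel1
 description Route-based VPN to FortiGate (assumed name)
 ip unnumbered GigabitEthernet0/0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile PROF-FORTIGATE
!
! The routing decision: only this prefix is sent into the tunnel.
ip route 10.1.0.0 255.255.255.0 Tunnel1
```

Because the selectors are any-to-any, what may actually cross the tunnel is limited only by the static routes and by the firewall policies on the FortiGate tunnel interface, so those policies should name the intended subnets rather than "all".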

Lab

The following figure shows the lab for this VPN:

FortiGate

These are the steps for the FortiGate firewall. Refer to the descriptions under the screenshots for further details:

Cisco Router

The Cisco router is configured with the following commands:

Monitoring

The FortiGate shows an IPsec Monitor status of “Up”, and the tunnel can be queried via the CLI, too:

The Cisco router show commands are the following:

Ciao.