Wednesday, 12 November 2014

IPSEC VPN Fortigate to ISA 2006

We had to set one of these up today and it was a bit odd.

The easiest way is to say what settings worked :-)

Stick with SHA and 3DES.  Group2 for DH, supposedly 14 will work but it didn't for us.

Use proxies, this was our final stumbling block.  ISA wanted proxies in phase 2 or came up with INVALID-ID-INFORMATION in the Fortigate debugs.

Otherwise it's defaults for times, DPD etc.

Edit later:

ISA summarises multiple networks rather than creating a second phase 2. dumb..

ie we had at the remote site and at the head office end.  They want to add so debugging (you can't set this or see it in ISA by the looks of it) the HO end proxy goes from to So what happens when you add a second network to the remote office end?

No comments:

Switch your Raspberry Pi 3 to use a hard drive

I have a Pi 3 that is a DNS, web, email etc server and it's gone through a few SD cards and gets bogged down in high wait % in top somet...