We had to set one of these up today and it was a bit odd.
The easiest way is to say what settings worked :-)
Stick with SHA and 3DES. Group2 for DH, supposedly 14 will work but it didn't for us.
Use proxies, this was our final stumbling block. ISA wanted proxies in phase 2 or came up with INVALID-ID-INFORMATION in the Fortigate debugs.
Otherwise it's defaults for times, DPD etc.
Edit later:
ISA summarises multiple networks rather than creating a second phase 2. dumb..
ie we had 10.0.1.0/24 at the remote site and 10.0.2.0/24 at the head office end. They want to add 10.0.3.0/24 so debugging (you can't set this or see it in ISA by the looks of it) the HO end proxy goes from 10.0.2.0/24 to 10.0.0.0/16. So what happens when you add a second network to the remote office end?
Subscribe to:
Post Comments (Atom)
-
I'm test driving Ubuntu after using Gentoo for years and found Librewolf gave me this warning banner. “some of LibreWolf’s security feat...
-
We still see this one occasionally. Had one case where we needed to get a policy on but couldn't reboot the firewall. So, tried a few ...
-
I gave Windows 10 another try tonight and after some pretty hefty updates I still have the same issues as before. Same hardware on Windows ...
No comments:
Post a Comment