We had to set one of these up today and it was a bit odd.
The easiest way is to say what settings worked :-)
Stick with SHA1 and 3DES. Group 2 for DH; supposedly group 14 will work, but it didn't for us.
Use proxy IDs (the phase 2 selectors); this was our final stumbling block. ISA wanted proxy IDs in phase 2, or it came up with INVALID-ID-INFORMATION in the Fortigate debugs.
Otherwise it's defaults for times, DPD etc.
ISA summarises multiple networks rather than creating a second phase 2. dumb..
i.e. we had 10.0.1.0/24 at the remote site and 10.0.2.0/24 at the head office end. They want to add 10.0.3.0/24, and in the debugs (you can't set this or see it in ISA by the looks of it) the HO end proxy ID goes from 10.0.2.0/24 to 10.0.0.0/16. So what happens when you add a second network to the remote office end?
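To see on paper why a given Fortigate phase 2 would be rejected before touching the box, here is an added check (not from the original post, and not an ISA or Fortigate tool) that mirrors the peer's proxy IDs as seen in the debug against our own and reports which pairs line up exactly, which are merely covered by a wider peer selector, and which match nothing. The subnets are the ones in the post; the pair ISA is assumed to propose after summarising (local 10.0.0.0/16, remote 10.0.1.0/24) is constructed from the post's description of the debug, not captured output.

```python
import ipaddress

# Constructed from the post: each side's phase 2 selector (proxy ID) pairs,
# written as (local_subnet, remote_subnet) from that side's own point of view.
FORTIGATE_PHASE2 = [
    ("10.0.1.0/24", "10.0.2.0/24"),   # the original single phase 2 at the remote site
]
# Assumed ISA proposal after the HO side summarised to 10.0.0.0/16.
ISA_PHASE2 = [
    ("10.0.0.0/16", "10.0.1.0/24"),
]
# HO subnets the summarised selector is meant to carry.
HO_SUBNETS = ["10.0.2.0/24", "10.0.3.0/24"]


def _net(text):
    # strict=True rejects selectors with host bits set (e.g. 10.0.2.1/24).
    return ipaddress.ip_network(text, strict=True)


def compare_selectors(local_pairs, peer_pairs):
    """Compare our (src, dst) proxy IDs against the peer's pairs, mirrored.

    Returns one dict per local pair with a verdict:
      'match'    - an identical mirrored pair exists on the peer
      'narrower' - our pair is covered by a wider peer pair (acceptance then
                   depends on the implementation; treat as a warning)
      'mismatch' - no peer pair covers it; this is the INVALID-ID-INFORMATION case
    """
    peer = [(_net(a), _net(b)) for a, b in peer_pairs]
    results = []
    for src, dst in local_pairs:
        s, d = _net(src), _net(dst)
        verdict = "mismatch"
        for p_local, p_remote in peer:
            # Mirror: our source must be the peer's remote selector and vice versa.
            if s == p_remote and d == p_local:
                verdict = "match"
                break
            if s.subnet_of(p_remote) and d.subnet_of(p_local):
                verdict = "narrower"
        results.append({"src": src, "dst": dst, "verdict": verdict})
    return results


def uncovered_subnets(summary, subnets):
    """Return the subnets that a summarised selector does NOT cover."""
    summary_net = _net(summary)
    return [s for s in subnets if not _net(s).subnet_of(summary_net)]


if __name__ == "__main__":
    for r in compare_selectors(FORTIGATE_PHASE2, ISA_PHASE2):
        print(f"{r['src']} -> {r['dst']}: {r['verdict']}")
    print("HO subnets not covered by 10.0.0.0/16:",
          uncovered_subnets("10.0.0.0/16", HO_SUBNETS))
```

With the pairs above the original 10.0.1.0/24 -> 10.0.2.0/24 phase 2 comes back as `narrower`, which is the situation the post describes; changing the destination selector to 10.0.0.0/16 gives `match`, and a pair the peer has nothing for (e.g. a destination of 10.0.3.0/24 against a peer that only offers 10.0.2.0/24) gives `mismatch`.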