Wednesday, 12 November 2014

IPSEC VPN Fortigate to ISA 2006

We had to set one of these up today and it was a bit odd.

The easiest way is to say what settings worked :-)

Stick with SHA and 3DES. Group 2 for DH; supposedly 14 will work, but it didn't for us.

Use proxies; this was our final stumbling block. ISA wanted proxies in phase 2, or else it came up with INVALID-ID-INFORMATION in the Fortigate debugs.

Otherwise it's defaults for times, DPD etc.

Edit later:

ISA summarises multiple networks rather than creating a second phase 2. dumb..

i.e. we had at the remote site and at the head office end. They want to add so, debugging (you can't set this or see it in ISA by the looks of it), the HO end proxy goes from to. So what happens when you add a second network to the remote office end?
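As an added example (not from the original post), here is what the working settings above look like as a FortiGate policy-based tunnel, with the phase 2 proxy IDs that ISA 2006 insisted on and a comment on the summarised head-office selector from the edit. The tunnel name, interface, gateway address, pre-shared key and subnets are constructed placeholders.

```fortios
# Added example, not the post's own config. Addresses are placeholders
# (RFC 5737 / RFC 1918 ranges); lifetimes and DPD are left at defaults,
# as the post did.
config vpn ipsec phase1
    edit "to-isa2006"
        set interface "wan1"
        # ISA 2006 external address (placeholder)
        set remote-gw 203.0.113.10
        # The proposal that interoperated with ISA 2006
        set proposal 3des-sha1
        # DH group 14 did not negotiate against ISA in the post; group 2 did
        set dhgrp 2
        set psksecret "REPLACE-WITH-PRESHARED-KEY"
    next
end
config vpn ipsec phase2
    edit "to-isa2006-p2"
        set phase1name "to-isa2006"
        set proposal 3des-sha1
        set pfs enable
        set dhgrp 2
        # Proxy IDs (selectors). Without these ISA rejected phase 2 and the
        # FortiGate IKE debug showed INVALID-ID-INFORMATION.
        # Remote-site LAN (placeholder)
        set src-subnet 192.168.10.0 255.255.255.0
        # Head-office side (placeholder). ISA summarises several head-office
        # networks into one selector rather than negotiating a second phase 2,
        # so this must match the summary ISA actually sends; the only place to
        # see that summary is the FortiGate IKE debug, not the ISA console.
        set dst-subnet 10.0.0.0 255.255.0.0
    next
end
# To watch the phase 1 / phase 2 exchange and any INVALID-ID-INFORMATION:
#   diagnose debug application ike -1
#   diagnose debug enable
```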

