Hola a todos!
Necesito de su ayuda. Estoy presentando inconvenientes con la configuracion de una VPN entre un Fortigate con la version 5.0(hub) modelo100d y el otro es modelo 50E con la version 5.4.2(spoke).
Tengo mas Fortigate 40c con vpn en otras localidades y todos funcionan bien. Envio configuraciondel spoke:
Fortigate 50E:
-------------------------------------
ike 0:Suc_Cristobal: schedule auto-negotiate
ike 0:Suc_Cristobal: auto-negotiate connection
ike 0:Suc_Cristobal: created connection: 0x10426188 4 10.5.1.5->190.106.113.195:500.
ike 0:Suc_Cristobal:74: cookie f22c43f10af6a87a/0000000000000000
ike 0:Suc_Cristobal:74: out F22C43F10AF6A87A000000000000000001100400000000000000020604000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050A0000C4526B531BC1B756F8ED0C7413B8B0611AD9A35ADB980A401BBEA02F70F14957D5D68FA4848409C239E2BA2F58C218BE1B60841E46CC9ECFAF583CDB3D40112CB500FD7087BF4B5BA0DEE803CFD3DD897347E22B6FC5CD9DB4011958C44DC6182C6BABE4FD7B4F994400B25E11F192C64246E3BE69DAAF9A2FEF23E5958AE4D9C2B15CC6E858BFFC3EE9C5FAE8A6188683D9CD5C612B34363CF34EC4E6BEF28B11B39010588933332A98413B1A5CBE17043D5271ADB124B83A4C110494F31ED80A0500001405DA042CF046EFC8CAFC70D7B99E78260D000012020000005343726973746F62616C0D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00050428
ike 0:Suc_Cristobal:74: sent IKE msg (agg_i1send): 10.5.1.5:500->190.106.113.195:500, len=518, id=f22c43f10af6a87a/0000000000000000
ike 0: comes 190.106.113.195:500->10.5.1.5:500,ifindex=4....
ike 0: IKEv1 exchange=Aggressive id=f22c43f10af6a87a/b7b0842efa906099 len=472
ike 0: in F22C43F10AF6A87AB7B0842EFA9060990110040000000000000001D804000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050A0000C4E9F95FD1AB24ED8C33D85CEE8E94B7E5D5DCD5EED7F5DDA3383C2DE305F6F62DADA6133DA00A9F035019C20DB2D54CB544B5D0EB66E816917EF8B56AF787816508B362F600D0903175CF3DAD7BB64323F1F0EFCD2234653B4B7E49B9E6B27117CF7486D5D5557DEF8999AC4640C7EC5B67D244ACA8080447361036852720B257D366CCF02D8742558F7CDD2FB02213642AE122142EF5B36CD1934D2B82908B3B1D46840A8DA8F369F8B7AA2ACEA8F86D900D755310FA4AEB9D7D1A87E2AAB79905000014FC1E73F9422FBC25B91C79AA72234A8B0800000C01000000BE6A71C30D0000181ECF7FD3D6936D4A1F5359E4B6DE81AE1C12A177140000144A131C81070358455C5728F20E95452F14000018C161CEAFC65D8957821E3EB6495B1B34CF15C58E0D00001851A29635775571DA4727495B7E314F89B7457E080D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D0000148299031757A36082C6A621DE00050124000000144048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:Suc_Cristobal:74: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:Suc_Cristobal:74: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:Suc_Cristobal:74: DPD negotiated
ike 0:Suc_Cristobal:74: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
ike 0:Suc_Cristobal:74: VID FORTIGATE 8299031757A36082C6A621DE00050124
ike 0:Suc_Cristobal:74: peer is FortiGate/FortiOS (v5 b292)
ike 0:Suc_Cristobal:74: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:Suc_Cristobal:74: peer identifier IPV4_ADDR 190.106.113.195
ike 0:Suc_Cristobal:74: negotiation result
ike 0:Suc_Cristobal:74: proposal id = 1:
ike 0:Suc_Cristobal:74: protocol id = ISAKMP:
ike 0:Suc_Cristobal:74: trans_id = KEY_IKE.
ike 0:Suc_Cristobal:74: encapsulation = IKE/none
ike 0:Suc_Cristobal:74: type=OAKLEY_ENCRYPT_ALG, val=3DES_CBC.
ike 0:Suc_Cristobal:74: type=OAKLEY_HASH_ALG, val=SHA.
ike 0:Suc_Cristobal:74: type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:Suc_Cristobal:74: type=OAKLEY_GROUP, val=MODP1536.
ike 0:Suc_Cristobal:74: ISAKMP SA lifetime=28800
ike 0:Suc_Cristobal:74: ISAKMP SA f22c43f10af6a87a/b7b0842efa906099 key 24:60FBBD61AB980A86A9912CC6792E202EBB577741DF44DB37
ike 0:Suc_Cristobal:74: probable pre-shared secret mismatch
ike 0:Suc_Cristobal:74: info_send_n1, type 23
ike 0:Suc_Cristobal:74: out F22C43F10AF6A87AB7B0842EFA90609908100500EAE88690000000400B000018479E2DC61A6543B653C6479BD1ED70F870010CFD0000000C0000000101000017
ike 0:Suc_Cristobal:74: sent IKE msg (p1_notify_23): 10.5.1.5:500->190.106.113.195:500, len=64, id=f22c43f10af6a87a/b7b0842efa906099:eae88690
ike 0:Suc_Cristobal:74: out F22C43F10AF6A87A000000000000000001100400000000000000020604000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050A0000C4526B531BC1B756F8ED0C7413B8B0611AD9A35ADB980A401BBEA02F70F14957D5D68FA4848409C239E2BA2F58C218BE1B60841E46CC9ECFAF583CDB3D40112CB500FD7087BF4B5BA0DEE803CFD3DD897347E22B6FC5CD9DB4011958C44DC6182C6BABE4FD7B4F994400B25E11F192C64246E3BE69DAAF9A2FEF23E5958AE4D9C2B15CC6E858BFFC3EE9C5FAE8A6188683D9CD5C612B34363CF34EC4E6BEF28B11B39010588933332A98413B1A5CBE17043D5271ADB124B83A4C110494F31ED80A0500001405DA042CF046EFC8CAFC70D7B99E78260D000012020000005343726973746F62616C0D0000144A131C81070358455C5728F20E95452F0D0000147D9419A65310CA6F2C179D9215529D560D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00001416F6CA16E4A4066D83821A0F0AEAA8620D0000144485152D18B6BBCD0BE8A8469579DDCC0D000014AFCAD71368A1F1C96B8696FC775701000D0000144048B7D56EBCE88525E7DE7F00D6C2D30D0000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000000000148299031757A36082C6A621DE00050428
ike 0:Suc_Cristobal:74: sent IKE msg (P1_RETRANSMIT): 10.5.1.5:500->190.106.113.195:500, len=518, id=f22c43f10af6a87a/0000000000000000
ike 0: comes 190.106.113.195:500->10.5.1.5:500,ifindex=4....
ike 0: IKEv1 exchange=Aggressive id=f22c43f10af6a87a/b7b0842efa906099 len=472
ike 0: in F22C43F10AF6A87AB7B0842EFA9060990110040000000000000001D804000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050A0000C4E9F95FD1AB24ED8C33D85CEE8E94B7E5D5DCD5EED7F5DDA3383C2DE305F6F62DADA6133DA00A9F035019C20DB2D54CB544B5D0EB66E816917EF8B56AF787816508B362F600D0903175CF3DAD7BB64323F1F0EFCD2234653B4B7E49B9E6B27117CF7486D5D5557DEF8999AC4640C7EC5B67D244ACA8080447361036852720B257D366CCF02D8742558F7CDD2FB02213642AE122142EF5B36CD1934D2B82908B3B1D46840A8DA8F369F8B7AA2ACEA8F86D900D755310FA4AEB9D7D1A87E2AAB79905000014FC1E73F9422FBC25B91C79AA72234A8B0800000C01000000BE6A71C30D0000181ECF7FD3D6936D4A1F5359E4B6DE81AE1C12A177140000144A131C81070358455C5728F20E95452F14000018C161CEAFC65D8957821E3EB6495B1B34CF15C58E0D00001851A29635775571DA4727495B7E314F89B7457E080D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D0000148299031757A36082C6A621DE00050124000000144048B7D56EBCE88525E7DE7F00D6C2D3
ike 0: comes 190.106.113.195:500->10.5.1.5:500,ifindex=4....
ike 0: IKEv1 exchange=Aggressive id=f22c43f10af6a87a/b7b0842efa906099 len=472
ike 0: in F22C43F10AF6A87AB7B0842EFA9060990110040000000000000001D804000034000000010000000100000028010100010000002001010000800B0001800C7080800100058003000180020002800400050A0000C4E9F95FD1AB24ED8C33D85CEE8E94B7E5D5DCD5EED7F5DDA3383C2DE305F6F62DADA6133DA00A9F035019C20DB2D54CB544B5D0EB66E816917EF8B56AF787816508B362F600D0903175CF3DAD7BB64323F1F0EFCD2234653B4B7E49B9E6B27117CF7486D5D5557DEF8999AC4640C7EC5B67D244ACA8080447361036852720B257D366CCF02D8742558F7CDD2FB02213642AE122142EF5B36CD1934D2B82908B3B1D46840A8DA8F369F8B7AA2ACEA8F86D900D755310FA4AEB9D7D1A87E2AAB79905000014FC1E73F9422FBC25B91C79AA72234A8B0800000C01000000BE6A71C30D0000181ECF7FD3D6936D4A1F5359E4B6DE81AE1C12A177140000144A131C81070358455C5728F20E95452F14000018C161CEAFC65D8957821E3EB6495B1B34CF15C58E0D00001851A29635775571DA4727495B7E314F89B7457E080D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D0000148299031757A36082C6A621DE00050124000000144048B7D56EBCE88525E7DE7F00D6C2D3
ike shrank heap by 126976 bytes
Problemas al configurar VPN Site to Site con Fortiigate v5.0 and 5.4.2
Re: Problemas al configurar VPN Site to Site con Fortiigate v5.0 and 5.4.2
Buen dia,
Revisa esta info ([Debes identificarte para poder ver enlaces.]) y nos avisas si tienes todo bien.
A la espera.
Revisa esta info ([Debes identificarte para poder ver enlaces.]) y nos avisas si tienes todo bien.
A la espera.
Defend Your Enterprise Network With Fortigate Next Generation Firewall
NSE4
NSE5
NSE4
NSE5
Re: Problemas al configurar VPN Site to Site con Fortiigate v5.0 and 5.4.2
gracias por la informacion Makco10. Una consulta en la VPN que tengo configurada site to site con Dialup tengo que utilizar el mismo pre-shared key con todos los spoke??
Re: Problemas al configurar VPN Site to Site con Fortiigate v5.0 and 5.4.2
Hola,
No necesariamente, en mi opinión queda a su criterio.
Saludos.
No necesariamente, en mi opinión queda a su criterio.
Saludos.
Defend Your Enterprise Network With Fortigate Next Generation Firewall
NSE4
NSE5
NSE4
NSE5
Re: Problemas al configurar VPN Site to Site con Fortiigate v5.0 and 5.4.2
Solucionado!!!!
Gracias por tu material Makco10. Me fué muy útil. El problema era que habia creado una Zona de VPN, creaba la politica, pero no agregaba la nueva VPN a la Zona, por lo tanto la politica estaba incompleta. Gracias!!
Gracias por tu material Makco10. Me fué muy útil. El problema era que habia creado una Zona de VPN, creaba la politica, pero no agregaba la nueva VPN a la Zona, por lo tanto la politica estaba incompleta. Gracias!!
Re: Problemas al configurar VPN Site to Site con Fortiigate v5.0 and 5.4.2
Excelente,
Saludos.
Saludos.
Defend Your Enterprise Network With Fortigate Next Generation Firewall
NSE4
NSE5
NSE4
NSE5