Comunidad FORTIGATE.es

Hola,

Alguien puede ayudarme a resolver este problema:+

Tengo que establecer una VPN entre un Fortigate y un equipo SonicWall.

He seguido los procedimientos que tiene publicados fortinet, he estado haciendo pruebas y la VPN entre estos dos equipos levanta, pero no hay comunicacion. en VPN - Monitor, aparece arriba la VPN, incluso en el equipo sonicwall, pero no hay comunicacion entre firewall's ni entre redes.

Alguna idea?

Saludos

hola de que manera armaste la vpn? podrias mostrarnos la configuracion? y la politica?


saludos

Gracias Gaby,

FortiGate Device Setting

To configure the Phase1 settings

Go to VPN > IPSec > Phase 1.
Select Create New and enter the following:
Gateway Name: ToSonicWall
Remote Gateway: SonicWall Static Public IP Address
IP Address: Public IP Address

Local Interface: Wan1 (if it is public interface)
Mode: Main
Authentication Method: Preshared Key
Preshared Key: preshared key

Select Advanced and enter the following:

Encryption: 3DES
Authentication: SHA1
DH Group: 2
Keylife: 28800

Dead Peer Detection: Disabled

Leave all other settings as default.
Select OK.
To configure the Phase 2 settings
Go to VPN > IPSec > Phase 2.
Select Create New and enter the following:

Tunnel Name: SonicWallP2
Remote Gateway: Select ToSonicWall
Select Advanced and enter the following:

Encryption: 3DES
Authentication: SHA1
Enable replay detection : Unchecked
DH group: 2
Keylife: 28800
Autokey Keep Alive : Checked
Quick Mode Selector
Source address: Internal LAN Subnet
Destination address: Remote LAN Subnet
Select OK.
To add the addresses

Go to Firewall > Address.
Select Create New to create the FortiGate address.
Enter a name for the address, for example FortiGate_network.
Enter the FortiGate IP address and subnet. “ Internal LAN Subnet ”
Select OK.
Select Create New again to create the SonicWALL address.
Enter the name for the address, for example SonicWALL_network.
Enter the SonicWall IP address and subnet. “ Remote LAN Subnet ”
Select OK.
To create a firewall policy for the VPN traffic going from the SonicWALL device to the FortiGate unit

Go to Firewall > Policy.
Select Create New and set the following:

Source Interface: Internal
Source IP address: Internal LAN Subnet
Destination Interface: WAN1 (or external)
Destination Address Name: Remote LAN Subnet
Schedule: always
Service: ANY
Action: Encrypt
VPN Tunnel: ToSonicWall
Select Allow inbound
Select Allow outbound
Select OK


Configure the SonicWALL Device
Go to “General” tab.
Under Security Policy
Authentication Method: IKE using Preshared Secret
Name: ToFortiGate
IPSec Primary Gateway Name or Address: FortiGate Public IP Address

IKE Authentication
Shared Secret: preshared key
Confirm Share Secret: preshared key
Others leave to default.

Create 2 addresses Internal LAN Subnet and Remote LAN Subnet.
Go to “Network” tab.
Local Networks
Choose local network from list : Internal LAN Subnet
Choose local network from list : Remote LAN Subnet

5. Go to “Proposals” tab.

IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group2
Encryption: 3DES
Authentication: SHA1
Life Time(seconds): 28800

IPSec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: Group2
Life Time (seconds): 28800

6. Go to “Advanced” tab.
Enable: Keep Alive

hola, podrias pegar la configuracion desde un backup¡? hiciste copiar y pegar desde la web y hay datos que no se ven.

saludos

Gaby,

Te lo envie asi para que veas la configuracion que recomienda Fortinet.

si no se ven, lo envio adjunto...

hola, si vos lo hiciste tal cual???
que redes privadas tenes en cada sitio?
te da algun error?

es este articulo
[Debes identificarte para poder ver enlaces.]
saludos

Asi es, lo hice tal cual y levanta la VPN entre los dos equipos, pero no hay comunicacion.

Hola, que redes privadas tenes en cada sitio ???

haciendo ping... por donde ves la sesion ??? por donde se va?
y un tracert??

saludos