VPN connection Cisco 877 vs Fortinet not coming up

descalante2007 · ‎08-20-2009

I am trying to establish a L2L VPN connection between a Cisco877 (spoke) and a Fortinet firewall (hub). The attached files show Cisco 877 current configuration and the result from a debug generated when I ran a test VPN with SDM application.

My first question is about agressive mode, because the debug events indicate it can not be started. My research indicate my configuration may be incomplete but Iam not sure.

The second question is because the IKE process appears to be completed, but inmediately there is a message indicating "fatal information" (?), so I think the phase 2 is never initiated.

Can somebody help me to understand the meaning of debug messages, and identify where the error is?

Note: The Cisco router receives a dynamic IP address through ADSL (a.b.c.d) and the Fortinet has an static IP address indicated in both files as *.*.*.*

htarra · ‎08-26-2009

My guess is its maching on some crypto map, but does not match up with the ike profile. You may try the below configuration:

interface Virtual-Template1 type tunnel

ip unnumbered FastEthernet0/1/0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile2