08-20-2009 02:29 PM - edited 03-11-2019 09:08 AM
I am trying to establish an L2L VPN connection between a Cisco 877 (spoke) and a Fortinet firewall (hub). The attached files show the Cisco 877's current configuration and the result of a debug generated when I ran a test VPN with the SDM application.
My first question is about aggressive mode, because the debug events indicate it cannot be started. My research indicates my configuration may be incomplete, but I am not sure.
The second question is because the IKE process appears to be completed, but immediately there is a message indicating "fatal information" (?), so I think phase 2 is never initiated.
Can somebody help me understand the meaning of the debug messages and identify where the error is?
Note: The Cisco router receives a dynamic IP address through ADSL (a.b.c.d) and the Fortinet has a static IP address, indicated in both files as *.*.*.*
08-26-2009 08:05 AM
My guess is it's matching on some crypto map, but does not match up with the IKE profile. You may try the below configuration:
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/1/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile2