I am trying to mount a tunnel between a Cisco 877 and a FortiGate 3000.
On my Cisco I have this error when I try to bring up the tunnel on the FortiGate:
Jun 16 07:21:28.132: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= cisco public IP, remote= fortigate public IP,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
Jun 16 07:21:28.132: IPSEC(ipsec_process_proposal): proxy identities not supported
Jun 16 07:21:28.132: ISAKMP:(2051): IPSec policy invalidated proposal with error 32
Jun 16 07:21:28.132: ISAKMP:(2051): phase 2 SA policy not acceptable!
I find that it comes from a policy (ACL) error...
I put this in my Cisco:
access-list 101 permit ip host [cisco public IP] host [fortigate public IP]
I put this in my FortiGate:
firewall -> policy:
[fortigate public IP] [cisco public IP] Action IPSEC VNP_Tunnel my_vpn
That doesn't work! Any suggestions?
In the FortiGate docs I read that the policy should be done between the LAN behind the FortiGate (srce) and the private network behind the Cisco.
What do you think of this?
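
The "proxy identities not supported" message is logged when the phase 2 selectors proposed by the peer are not covered by the crypto ACL. Added example, not part of the original post: a Python check that compares the proxies in the debug output with ACL 101. The addresses are constructed placeholders for the elided public IPs, and treating a proposal as acceptable when it falls inside an ACL entry is a simplifying assumption.

```python
import ipaddress
import re

# Constructed sample: debug lines from the post, with documentation
# addresses standing in for the elided public IPs.
DEBUG_LOG = """\
(key eng. msg.) INBOUND local= 192.0.2.1, remote= 198.51.100.1,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
IPSEC(ipsec_process_proposal): proxy identities not supported
"""
CRYPTO_ACL = ["access-list 101 permit ip host 192.0.2.1 host 198.51.100.1"]

PROXY_RE = re.compile(r"(local|remote)_proxy= ([\d.]+)/([\d.]+)/\d+/\d+")


def proposed_selectors(log):
    """Map 'local'/'remote' to the network the peer proposed."""
    return {side: ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for side, addr, mask in PROXY_RE.findall(log)}


def acl_operand(tokens):
    """Consume one ACL address operand; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # address + wildcard: invert the wildcard bits to get a netmask
    wildcard = int(ipaddress.IPv4Address(tokens[1]))
    netmask = ipaddress.IPv4Address(wildcard ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{netmask}", strict=False), tokens[2:]


def check_proposal(log, acl_lines):
    """Return ('match', acl_line) or ('mismatch', description)."""
    prop = proposed_selectors(log)
    for line in acl_lines:
        tokens = line.split()[4:]  # skip "access-list <n> permit ip"
        src, rest = acl_operand(tokens)
        dst, _ = acl_operand(rest)
        if prop["local"].subnet_of(src) and prop["remote"].subnet_of(dst):
            return "match", line
    return "mismatch", f"peer proposed {prop['local']} -> {prop['remote']}"


if __name__ == "__main__":
    print(check_proposal(DEBUG_LOG, CRYPTO_ACL))
```

With the post's values the check reports a mismatch: the peer offers 0.0.0.0/0 on both sides while ACL 101 only covers the two public host addresses.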