Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN connection Cisco 877 vs Fortinet not coming up

I am trying to establish a L2L VPN connection between a Cisco877 (spoke) and a Fortinet firewall (hub). The attached files show Cisco 877 current configuration and the result from a debug generated when I ran a test VPN with SDM application.

My first question is about agressive mode, because the debug events indicate it can not be started. My research indicate my configuration may be incomplete but Iam not sure.

The second question is because the IKE process appears to be completed, but inmediately there is a message indicating "fatal information" (?), so I think the phase 2 is never initiated.

Can somebody help me to understand the meaning of debug messages, and identify where the error is?

Note: The Cisco router receives a dynamic IP address through ADSL (a.b.c.d) and the Fortinet has an static IP address indicated in both files as *.*.*.*

1 REPLY
Bronze

Re: VPN connection Cisco 877 vs Fortinet not coming up

My guess is its maching on some crypto map, but does not match up with the ike profile. You may try the below configuration:

interface Virtual-Template1 type tunnel

ip unnumbered FastEthernet0/1/0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

tunnel mode ipsec ipv4

tunnel protection ipsec profile SDM_Profile2

557
Views
0
Helpful
1
Replies
CreatePlease login to create content