Configuring IPsec VPN With A FortiGate and A Cisco ASA
The following recipe describes how to configure a site-to-site IPsec VPN tunnel.
In this example, one site is behind a FortiGate and another site is behind a Cisco
ASA. Using FortiOS 5.0 and Cisco ASDM 6.4, the example demonstrates how to
configure the tunnel between each site, avoiding overlapping subnets, so that a
secure tunnel can be established with the desired security profiles applied. The
procedure assumes that both devices are configured with appropriate internal and
external interfaces.
1. Configuring the Cisco device using the IPsec VPN Wizard
2. Configuring the FortiGate tunnel phases
3. Configuring the FortiGate policies
4. Configuring the static route in the FortiGate
5. Results
[Figure: network diagram with the labels Site 1, Site 2, FortiGate, CISCO ASA, LAN, Internet and IPsec VPN.]
From the options that appear, select Site-to-site, with the VPN Tunnel Interface set to
outside, then click Next.
Results
The tunnel should now be active. On the
FortiGate, verify that the tunnel is up by
navigating to VPN > Monitor > IPsec
Monitor.
The IPsec Monitor table will indicate the
source and destination addresses, and the
status of the tunnel (up or down) and its
uptime.
For more detailed tunnel information, go to
Log & Report > Event Log > VPN and
view the table.