

Problem with IPsec connection between Vyatta and Fortigate 200A

Hello, this is my first post in this forum. I'm glad to be here :)

 

I have a problem with an IPsec VPN connection on my LAN (set up for testing).

 

Vyatta:

wan interface 172.16.0.1

lan interface 10.0.1.194 (this is not the primary Vyatta in my network)

 

Fortigate

wan interface 172.16.0.2

lan interface 192.168.200.1

 

Vyatta config:

 

 ipsec {
     esp-group vyatta_to_fg {
         lifetime 1800
         mode tunnel
         pfs dh-group5
         proposal 1 {
             encryption 3des
             hash sha1
         }
         proposal 2 {
             encryption aes128
             hash sha1
         }
     }
     ike-group vyatta_to_fg {
         lifetime 28800
         proposal 1 {
             dh-group 5
             encryption 3des
             hash sha1
         }
         proposal 2 {
             dh-group 5
             encryption aes128
             hash sha1
         }
     }
     ipsec-interfaces {
         interface eth2
     }
     nat-networks {
         allowed-network 192.168.200.0/24 {
         }
     }
     nat-traversal enable
     site-to-site {
         peer 172.16.0.2 {
             authentication {
                 id test
                 mode pre-shared-secret
                 pre-shared-secret qweasd123
             }
             connection-type initiate
             default-esp-group vyatta_to_fg
             ike-group vyatta_to_fg
             local-address 172.16.0.1
             tunnel 1 {
                 esp-group vyatta_to_fg
                 local {
                     prefix 10.0.1.0/24
                 }
                 protocol all
                 remote {
                     prefix 192.168.200.0/24
                 }
             }
         }
     }
 }

 Fortigate config:

 

config vpn ipsec phase1
    edit "vyata"
        set interface "wan2"
        set nattraversal disable
        set proposal 3des-sha1 aes128-sha1
        set localid "test"
        set dpd disable
        set remote-gw 172.16.0.1
        set psksecret ENC KAbZCMTX5Be5B/PuwpzjG4mUAQT7va/B51CtkGtM9D4CfNkYEWVq0+lfvwxYh0kn7R8opYpjmaut0sCZDFMz74R9uEVFkV2ggD+U9PfEVOyoNyQf
    next
end

config vpn ipsec phase2
    edit "vyatta2"
        set phase1name "vyata"
        set proposal 3des-sha1 aes128-sha1
        set replay disable
        set dst-subnet 10.0.1.0 255.255.255.0
        set src-subnet 192.168.200.0 255.255.255.0
    next
end

 

Neither device recognizes how to reach the other's remote subnet (10.0.1.0 and 192.168.200.0).

 

Do you know what is wrong with these configs?
