IPSEC VPN Fortigate 100F to Multiple Meraki Sites
We have a new site behind a FortiGate 100F.
This is set up with our organization to connect to 4 different sites.
For each site we set up a different VPN in FortiGate.
We got the tunnels up (Phase 1 and 2) but they eventually go down, and sometimes they come back up, others don't.
From the Meraki side, I've changed Encryption and Authentication to many combinations.
Outcome is the same.
From the FortiGate side we tried
DPD Disabled.
Autokey Keepalive disabled.
This is Phase 1 and 2 on the Meraki Side.
This is Phase 1 and 2 on FortiGate.
Labels: 3rd Party VPN, Firewall
Meraki is updating its device-to-cloud connectivity to an architecture that was crafted from the ground up to provide even greater security and simplicity for connectivity. This connectivity is currently available on devices that meet certain firmware requirements, noted below in the section, Supported Firmware/Models.
Prerequisites for enabling FIPS
In order to enable FIPS mode, please ensure that the settings below in your Dashboard are in compliance with FIPS Standards:
Security & SD-WAN -> Configure: Site-to-site VPN -> Non Meraki VPN settings:
- Preshared secret must be greater than 14 characters
- Authentication cannot be MD5
- Diffie-Hellman Group must be 14
- Phase 2 encryption cannot be NULL
- PFS can be configured to be either off or 14
Please, if this post was useful, leave your kudos and mark it as solved.
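An added example, not part of the reply above and not Meraki or Fortinet code: a small checker that parses FortiOS-style `config vpn ipsec phase1-interface` / `phase2-interface` text and flags values that would not match a Meraki peer set to the prerequisites listed above. The tunnel names, the sample input, the flat config/edit/set layout, and treating an omitted `pfs` line as enabled are assumptions.

```python
import re
SAMPLE = '''
config vpn ipsec phase1-interface
    edit "to-meraki-site1"
        set proposal aes256-sha256 aes128-md5
        set dhgrp 14 5
        set psksecret "short-secret"
    next
end
config vpn ipsec phase2-interface
    edit "to-meraki-site1-p2"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 2
    next
end
'''  # constructed input in FortiOS CLI syntax; names and secret are placeholders

def parse(text):  # -> {section: {entry_name: {key: [values]}}}
    out, section, entry = {}, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            section, entry = out.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None and len(tok) > 1:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None and len(tok) > 1:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return out

def fips_findings(cfg):  # -> [(tunnel_name, violated prerequisite)]
    f = []
    for name, e in cfg.get("vpn ipsec phase1-interface", {}).items():
        psk = (e.get("psksecret") or [""])[0]
        if psk != "ENC" and len(psk) <= 14:  # ENC = stored encrypted, length unknown
            f.append((name, "preshared secret must be greater than 14 characters"))
        if any(p.endswith("-md5") for p in e.get("proposal", [])):
            f.append((name, "authentication cannot be MD5"))
        if e.get("dhgrp") != ["14"]:  # extra offered groups are flagged too
            f.append((name, "Diffie-Hellman group must be 14"))
    for name, e in cfg.get("vpn ipsec phase2-interface", {}).items():
        if any(p.startswith("null-") for p in e.get("proposal", [])):
            f.append((name, "phase 2 encryption cannot be NULL"))
        # Assumption: an omitted 'pfs' line means PFS is enabled.
        if e.get("pfs", ["enable"]) != ["disable"] and e.get("dhgrp") != ["14"]:
            f.append((name, "PFS must be off or group 14"))
    return f
```

Calling `fips_findings(parse(SAMPLE))` returns one tuple per mismatch, so an empty list means the pasted FortiGate settings line up with all five prerequisites.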
I'm sorry but... What does it have to do with the Issue?
Keep in mind that in the future it can be a problem. I have to reconfigure some tunnels because of FIPS mode, so I suggest you change your settings as recommended; maybe it can help. But it's your choice, I'm just trying to help you.
Got it. Thanks
There can often be issues if multiple subnets exist in the encryption domain. Is this the case - and if it is - is there any chance that only one combination of the subnets works at a time?
Not really. I often got multiple subnets working at the same time. For example, now I have an RDP session open with one remote subnet and ping running to others.
I don't know if this is your issue - but this article talks about it.
It doesn't apply to my issue. Also, the Firmware on the Fortigate is 7.2.x