MX to Fortigate Site to site VPN help needed

RYN0
Here to help

MX to Fortigate Site to site VPN help needed

Is there anyone with experience setting up site to site VPN links between an MX and a Fortigate? I am familiar with and have used the guidelines in Meraki's KB dealing with 3rd party VPNs. I am having no luck at all still. Any insight would be much appreciated. Thanks.

8 Replies 8
MarcP
Kind of a big deal

Hi @RYN0 

 

we use it for alle our  sites.

On fortinet-site it is configures as Dial-Up IPSec

 

an here the config of the MX´s, 

 

2019-07-24 08_41_46-VPN Configuration - Meraki Dashboard.png2019-07-24 08_42_01-VPN Configuration - Meraki Dashboard.png

RYN0
Here to help

I know how to set it up on the MX end. I just cannot get just right on the fortinet end.

 

I setup a custom IPSec VPN policy on the fortigate with matching phase 1 and 2 proposals. not sure what else is needed on the fortigate end to make it play nice.

CptnCrnch
Kind of a big deal
Kind of a big deal

Let me get this straight: you‘re asking for help to configure a Fortinet VPN in a Meraki forum? 🤭

RYN0
Here to help

Hi CptnCrnch

I am asking if anyone here is familiar with making a Fortigate work with a Meraki MX to get a stable VPN tunnel going and how they did it.

 

If I need snide remarks in the future, I will be sure to go to you first. If you cannot contribute, there is not point in replying to this thread and wasting other people's time with your useless comments.

 

Have a nice day!

JAIROJASH
Here to help

HI, did you manage to get the connections between Meraki and Fortinet working?
If you managed to do it, can you tell me how you configured it on each side and what policy you created in the firewall?
Thanks for your help.

Phanto
Comes here often

 Hi MarcP

 

in this case (Non Meraki VPN Peer) the MX needs to be on "Hub Mode" ?

Phanto
Comes here often

Hi MarcP



in this case (Non Meraki VPN Peer) the MX needs to be on "Hub Mode" ?
MarcP
Kind of a big deal

Depends....

 

We use different organizations, in one wach of the MXs is a Hub (No autoVPN possible)

 

In another org we use a MX250 as a Hub and all MX 65 as spokes (but all die their own ipsec tunnel to the fortigate peer)

 

All designed as mentioned from the Meraki SE recommendation

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels