NON MERAKI PEER IS NOT WORKING

ArteckMX
Here to help

NON MERAKI PEER IS NOT WORKING

We are trying to stablish a tunnel bettween MX100 and a Fortigate D and we can't see Froti side, the vpn tunnel show as available but in VPN ststus is not active, and the ping is not recognized and we think they have to NAT their Fortigate but we are not sure.

 

Some one knows if meraki could work with a Fotinet or if theres something in meraki side thta is not working, the tracert shows my next hop but it doesen't find the fortinet public IP. Is something on their side that stop us?

10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal

Try this setup:

 

alemabrahao_0-1690393549728.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Let us try, I think we have, but let me try.

DarrenOC
Kind of a big deal
Kind of a big deal

Hi @ArteckMX , you shouldn’t have to use IKE1 as it’s the least secure option available.  I’ve integrated Meraki VPN with Forti before so it’s most certainly possible but I do remember the remote partner struggling with their Config.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

ok thank you!

I agree, but remmember, unfortunately, there are known compatibility issues to certain vendors (yes, I know that Fortinet is not one of them). So, they can use whatever works best for them.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
BlakeRichardson
Kind of a big deal
Kind of a big deal

Is the tunnel standing up at all? Your OP seems to suggest it has and that it's a routing issue now.

 

Have you created rules on the Fortigate to allow traffic such as ping?

Hello Blake I don't control the Fortigate, we ask them the Portforwarding and the same encryption method, I don't know if they need another rule. They say all is confugrated but I don't think so.

I would ask them to supply screenshots of the configuration. If they can't supply that your chances of getting this working are pretty slim. 

DarrenOC
Kind of a big deal
Kind of a big deal

Agree with @BlakeRichardson , the Meraki side is as simple as it gets so you’re reliant whom ever is configuring the Forti to get their part right.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
amabt
Building a reputation

We have Meraki to Fortigate working. We control both ends. However have recently retired that. Sounds like issue is on fortigate end.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels