IPSec VPN Tunnel Between Fortinet FortiGate and Cisco Meraki MX - Configuration and Troubleshooting

  • Published: Sep 6, 2023
  • In this video, Marcellus and I go through configuring a site-to-site IKEv1 IPSec VPN tunnel between a FortiGate (firmware version 7.2.5) and an MX (firmware 18.107.2). In this example, both firewalls are behind NAT devices, so some configurations may be different depending on your specific environment. We cover configurations within the Meraki dashboard and the FortiGate GUI management interface, configuring firewall policies for IPSec tunnels, and adding static routes, and we extensively cover troubleshooting a tunnel that is not establishing a connection. We finish up by going over the specific configurations we use on both sides of the connection.
    In this video we cover a lot of little tidbits that aren't well known, such as the fact that the Non-Meraki peer monitor in the Meraki dashboard only monitors whether phase 1 is up for a tunnel, which can be misleading. We show how to verify a tunnel is up, some differences between MX firmware versions, and things to try if your tunnel is not coming up.
    As always, leave a comment if you liked the video or seek assistance!
  • Science

Comments • 10

  • @erickj3929 8 months ago +2

    Appreciate the video Alex! First time setting up VPN tunnel between MX and FortiGate, and this worked out perfectly for me.

  • @Building-IT 5 months ago

    Nicely done! I am a network engineer at an enterprise company, and we have Meraki at all the plant locations but have FortiGate in the cloud. I personally dislike Meraki for multiple reasons. Hoping to move to Fortinet in the future. Meraki is great for an SMB, but not enterprise.

  • @hoangtruonghuy4990 7 days ago

    Have a nice day! Mr Alex. Could you help to share the topology in this video? (Fortinet and Meraki MX). Thank you so much.

  • @alexalexeev695 8 months ago

    diag deb application ike 4 .. and you'll see all Ph1 and Ph2 messaging, don't forget to apply the filter for the specific tunnel. Plus, you have to mention how Fortigate handles Ph2 SA per subnet vs Cisco or Meraki.

  • @AhmadSwailem 10 months ago

    Thank you

  • @manitou89 7 months ago

    Thanks for the video, it did help, but I had to contact Fortigate because the tunnel would not come up. It turned out that the Fortigate was advertising the FQDN and not the public IP. We had to enter the command "set localid-type address" and then both ends came up.

  • @noahchantn 8 months ago

    I was wondering - we have a Meraki Mesh (Auto hub) of 6 units in various states. Got the Fortigate to establish a tunnel from one of the Merakis in the mesh, but how would you go about creating the rest of the tunnels on the Fortigate side, any tricks because we have tried duplicating what is working for the first, and no dice every time.

  • @AhmadSwailem 10 months ago

    Can you do a video about FortiAuthenticator?

    • @fortialex 10 months ago +1

      Is there a specific feature around FortiAuthenticator you're looking for a video on?

  • @anonymoususer6786 1 month ago

    One of this was “simplified.” Clearly needed more rehearsing and constantly talked over each other. Also, way way way too long. Simple = better.