Table of Contents
Advertisement
IPSec set up
In the example above, the WAN link IP address mapping of ISAKMP SA 1 between FortWAN 1 and FortiWAN 2 is
typical and correct. Both the WAN link IP addresses, 2.2.2.2 and 4.4.4.4, participate in only one ISAKMP SA, the
ISAKMP SA 1. As for WAN link 3 on FortiWAN 2, its IP address 3.3.3.3 participates in ISAKMP SA 2 and ISAKMP SA 3
(more than one ISAKMP SA), which causes failure to establish ISAKMP SA 2 and ISAKMP SA 3. IPSec connections
thus can not be established.
The above example indicates a
between the two devices are in one-to-one relationship:
ISAKMP SA 1: 2.2.2.2 - 4.4.4.4
l
ISAKMP SA 2: 3.3.3.3 - 5.5.5.5
l
ISAKMP SA 3: 1.1.1.1 - 6.6.6.6
l
FortiWAN Handbook
Fortinet Technologies Inc.
valid IPSec deployment. The mapping of WAN link IP address for all the ISAKMP SAs
IPSec
181
Advertisement
Table of Contents
Need help?
Do you have a question about the FortiWAN and is the answer not in the manual?