Thursday, May 14, 2009

LAN-to-LAN VPN between ASA and Fortinet

I just created a LAN-to-LAN IPsec VPN tunnel between a Cisco ASA 5505 and a Fortinet Fortigate 100A. This is a first for me. I really shy away from L2L tunnels between disparate equipment vendors. But, it worked like a champ, thanks to some good documentation from both vendors.

From Fortinet, read this article that provides step-by-step instructions, using the web tool or command line.
From Cisco, read this article that provides enough information to set up the ASA tunnel configuration.

Thanks for the good documentation, guys!


Crossnet said...

I'm trying the same configuration, but there seem to be some problems.

I tried to open the link to Fortinet, but it opens the main page of the Knowledgebase, not the article.

Is the configuration the same for Cisco PIX as for Cisco ASA?

Do you remember the exact configuration?

Dir Flash said...

Crossnet -

Thank you for reviewing my post.

I found the link to Fortinet's Knowledge Base article and updated the URL in the post. The article is entitled "FortiGate to Cisco PIX VPN".

Working with an EOL PIX? That's definitely going to make your job harder, with no support or current documentation.

The configuration will be different between a PIX and an ASA. But, the principles are the same.

I was able to find an older article on Cisco's site that should help. The document id is 6211. The title of the document is "Configuring a Simple PIX-to-PIX VPN Tunnel Using IPSec".

I hope this helps you get the tunnel up and working.

Crossnet said...

Thank you very much,

I had found the same Fortinet article, "FortiGate to Cisco PIX VPN", but it doesn't work correctly.

The other side has an ASA, but they don't know if they can apply the same configuration as for PIX.

I'll try to find the Cisco article.

I appreciate your help, I will keep trying it!