https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2985905#M166 <P>Good day,</P><P>I have just had the same issue but when connecting to a Cisco ISR.</P><P>I have since resolved this but you will need to know the limitations:</P><P>The setup is limited to what the Gateway supports. For example, to connect to a Cisco ISR, you are limited to using a Tunnel interface routing method, and cannot use a Crypto ACL. Also in my case, I am stuck with IKEv1, and with SHA hashing. SHA-256 and above are not supported.</P><P>Trying to connect a Cisco ISR router to the Gateway using the <EM><U>"Generic IKEv1/2 Router"</U></EM> method has failed so far.&nbsp;</P><P>What option did you use to connect to your Fortigate? I could not spot such an option?</P><P>Can you share the configuration on your Fortigate and on Orchestrator?</P><P>I might be able to spot some discrepancies.&nbsp;</P><P>regards,</P><P>Talal</P> Fri, 08 Sep 2023 19:40:20 GMT TalalTayyaroğlu 2023-09-08T19:40:20Z https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2984290#M157 <P>Hi guys,</P><P>I have a problem with IpSec VPN between Velocloud gateway and Fortigate (VM fortigate on OCI, fortigate 200E, 80E, and 500E appliance).</P><P>In both cases the VPN isn't established correctly.&nbsp;Do you have the same problem or something similar?</P><P>In the case of VPN between Velocloud Gateway and Fortigate VM there is a mismatch with the SPI parameter</P> Mon, 28 Aug 2023 15:03:04 GMT https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2984290#M157 DemianJacome 2023-08-28T15:03:04Z https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2984420#M158 <P>Hi,<BR /><BR />I have never used Fortigate FW with VMware SD-WAN.</P><P>It may be&nbsp; PFS setting.</P><P>Have you tried "no PFS" setting?</P> Tue, 29 Aug 2023 12:35:09 GMT https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2984420#M158 khirom 2023-08-29T12:35:09Z https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2985905#M166 <P>Good day,</P><P>I have just had the same issue but when connecting to a Cisco ISR.</P><P>I have since resolved this but you will need to know the limitations:</P><P>The setup is limited to what the Gateway supports. For example, to connect to a Cisco ISR, you are limited to using a Tunnel interface routing method, and cannot use a Crypto ACL. Also in my case, I am stuck with IKEv1, and with SHA hashing. SHA-256 and above are not supported.</P><P>Trying to connect a Cisco ISR router to the Gateway using the <EM><U>"Generic IKEv1/2 Router"</U></EM> method has failed so far.&nbsp;</P><P>What option did you use to connect to your Fortigate? I could not spot such an option?</P><P>Can you share the configuration on your Fortigate and on Orchestrator?</P><P>I might be able to spot some discrepancies.&nbsp;</P><P>regards,</P><P>Talal</P> Fri, 08 Sep 2023 19:40:20 GMT https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2985905#M166 TalalTayyaroğlu 2023-09-08T19:40:20Z https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2992003#M208 <P>Hi,<BR />I have successfully configured a VPN between Fortigate and VMware SD-WAN Gateway.<BR />Fortigate interface had a public IP address.<BR />I have not tested it in a NAT environment.<BR />Initially, I tried using AES128, SHA-1, and DH2.<BR />After confirming the VPN was established, I switched to stronger parameters.<BR />After setting NSD in the profile, the VPN was established.<BR />I think VMware SD-WAN Gateway is the responder and Fortigate is the Initiator.</P> Sat, 21 Oct 2023 05:24:29 GMT https://communities.vmware.com/t5/VeloCloud-Discussions/VPN-DO-NOT-ESTABLISH-BETWEEN-VELOCLOUD-GATEWAY-AND-FORTIGATE/m-p/2992003#M208 khirom 2023-10-21T05:24:29Z