IPSec set up IPSec
In the example above, the WAN link IP address mapping of ISAKMP SA 1 between FortWAN 1 and FortiWAN 2 is
typical and correct. Both the WAN link IP addresses, 2.2.2.2 and 4.4.4.4, participate in only one ISAKMP SA, the
ISAKMP SA 1. As for WAN link 3 on FortiWAN 2, its IP address 3.3.3.3 participates in ISAKMP SA 2 and ISAKMP SA 3
(more than one ISAKMP SA), which causes failure to establish ISAKMP SA 2 and ISAKMP SA 3. IPSec connections
thus can not be established.
The above example indicates a valid IPSec deployment. The mapping of WAN link IP address for all the ISAKMP SAs
between the two devices are in one-to-one relationship:
l ISAKMP SA 1: 2.2.2.2 - 4.4.4.4
l ISAKMP SA 2: 3.3.3.3 - 5.5.5.5
l ISAKMP SA 3: 1.1.1.1 - 6.6.6.6
FortiWAN Handbook
Fortinet Technologies Inc.
181
To Next Page
Loading...
