When the Dial-Up tunnel is down the route disappears. Once the Dial-Up VPN is up and running, the FG automatically installs a static route 10.5.1.0/24 via the Dial-Up IPSec interface. In this Dial-Up scenario there's no need (and no possibility) to configure explicit static routing.

set dstaddr "172.24.1.0/24" -> Local Subnet on FortiOS side
set srcaddr "10.5.1.0/24" -> Local Subnet on RouterOS side

Hence I have configured only one policy for this direction)

set dst-subnet 10.5.1.0 255.255.255.0 -> Local Subnet on RouterOS side

FG80C # config firewall policy (in my case I want only RouterOS side to contact the FG80C side.

Complete the configuration before beginning with tests. Find below the CLI configuration for both devices. In contrast, RouterOS brings you into thinking to "build&test" step-by-step: Phase1, then Phase2, then Policies.

The main source of mistake was that the FG wants everything (Phase1, Phase2 and Firewall Policies) all correctly configured before any test can take place. If you're still interested, contact me and I'll be happy to show the way I did it.

Good evening all, I've finally managed to have this scenario working: RouterOS (6.40.4) behind a NAT is now able to open an IPSec SA to a FG80C (5.6), and the traffic is routed.