FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Jonathan_Body_FTNT
Article Id 193653
Description

This article provides some reminders for FortiGate to Cisco IPSec when using GRE tunneling in FortiOS 4.1 and FortiOS 4.2.


Scope

FortiOS 4.0 MR1 and above.


Solution
1. The physical interface to which the GRE tunnel is bound is mandatory if running FortiOS 4.1:
# conf system interface
# edit to_Cisco
# set remote-ip 192.168.16.1
# set ip 192.168.16.2 255.255.255.255
# set interface <physicalInterface>
# end
In FortiOS 4.2 this step is no longer required

2. Up to FortiOS 4.0 MR1 only tunnel mode is possible.

3. If the remote Cisco device requires transport-mode for GRE-IPSec, this feature is only available from FortiOS 4.0MR2.


Contributors