Make sure to use level=unique tunnel=yes on your policy on the Mikrotik end. On The Fortinet you either need to run policy mode VPN, or if you are using Interface Mode you need to statically set the subnets in the Phase 2 Proxy-ID configuration and add a route to the virtual tunnel interface.

On 8/29/2013 12:43 PM, Jonathan Brewer wrote:

On Thu, Aug 29, 2013 at 11:47 AM, Mark Goldfinch <mark.goldfinch@modicagroup.com> wrote:

I'd appreciate anyone's operational experiences between different IPSec vendors, either on-list or to me directly if you want to protect the identities of the not so innocent :-)

I've consistently failed to get a Mikrotik client to talk to Fortinet gateway. Can I have a cookie?

-JB
_______________________________________________
NZNOG mailing list
NZNOG@list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog