IPSec Site-to-Site VPN between Fortigate and Mikrotik


If you are searching for documentation on how to create a Site-to-Site IPSec VPN between a Fortigate and a Mikrotik router, you have found the right blog post. Below are the complete steps.

Equipment used:

Fortigate 60D, firmware v5.2.0. Internal LAN IP:
Mikrotik RB2011UiAS. Internal LAN IP:

Configure the Mikrotik:

1. Create a NAT accept rule between the internal LAN and remote LAN:


2. Open IP > IPSec.

Go to Proposals TAB and create a new proposal profile:

Go to Policies TAB. Create a New Policy, fill in Source LAN and Destination LAN:

On the Action TAB fill Source Address with the Mikrotik WAN Address and Destination Address with the Fortigate WAN IP. Check Tunnel Mode. Select the Proposal created previously:

Go to Peers TAB and create a new IPSec Peer.

Address: fill in the Fortigate WAN IP.
Secret: the Pre-Shared Key (password)
Make the rest of the settings as in the image below:

You don't need to create other static routes or IPSec interfaces on the router.
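
The Mikrotik steps above as RouterOS terminal commands, added here as an illustration and not taken from the original post. All addresses, the name to-fortigate, the pre-shared key and the algorithm choices are placeholder assumptions (the post's own values are not shown), and the syntax assumes an older RouterOS 6.x release where the peer entry itself holds the secret and the phase 1 settings.

```routeros
# Placeholders (assumed, replace with your own values):
#   Mikrotik LAN   10.0.2.0/24     Mikrotik WAN   198.51.100.2
#   Fortigate LAN  10.0.1.0/24     Fortigate WAN  203.0.113.1

# 1. NAT accept rule. It must sit above the masquerade rule, otherwise
#    LAN-to-LAN traffic is source-NATed and no longer matches the IPSec policy.
/ip firewall nat
add chain=srcnat action=accept src-address=10.0.2.0/24 \
    dst-address=10.0.1.0/24 place-before=0 comment="no NAT into IPSec tunnel"

# 2. Phase 2 proposal. These values are assumptions; whatever you choose
#    must be mirrored in the Fortigate Phase 2 settings.
/ip ipsec proposal
add name=to-fortigate auth-algorithms=sha256 enc-algorithms=aes-256-cbc \
    pfs-group=modp2048

# 3. Policy: which traffic is encrypted (LAN to LAN) and between which
#    tunnel endpoints (WAN to WAN), in tunnel mode.
/ip ipsec policy
add src-address=10.0.2.0/24 dst-address=10.0.1.0/24 \
    sa-src-address=198.51.100.2 sa-dst-address=203.0.113.1 \
    tunnel=yes action=encrypt level=require ipsec-protocols=esp \
    proposal=to-fortigate

# 4. Peer: the Fortigate WAN IP and the pre-shared key. Phase 1 algorithms
#    here must match the Fortigate Phase 1 Proposal. Use a long random key,
#    since the key is the only authentication between the two sites.
/ip ipsec peer
add address=203.0.113.1/32 auth-method=pre-shared-key \
    secret="REPLACE-WITH-LONG-RANDOM-PSK" exchange-mode=main \
    hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048

# Checks to run once the Fortigate side is configured:
# the NAT accept rule should be listed before any masquerade rule,
# and SAs appear after the first matching traffic is sent.
/ip firewall nat print
/ip ipsec installed-sa print
/ping 10.0.1.1 interface=bridge-local count=4
```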

Next step, configure the Fortigate:

Go to VPN and create a new Tunnel, with Custom – Static IP Address settings:

Edit the settings:

In the Network section, in IP Address fill in the WAN IP of the Mikrotik:


Next in Authentication section fill in the same Pre-Shared Key as in Mikrotik:

In Phase 1 Proposal:


In XAUTH keep Disabled:

In Phase 2 Selectors:

Go to Monitor section, you should see the connection as Up:

Now, we need to create the Firewall rules to accept:

Rule 14: traffic from the Fortigate LAN through the Mikrotik02 interface to the LAN
Rule 15: traffic from the Mikrotik02 interface to the internal Fortigate LAN


Rule 14:

Rule 15:

Objects, Addresses details:

The connection is activated when the first traffic matching the policy is sent over the IPSec tunnel. You can check the Installed SAs TAB, where you should find at least 2 records:

And you can test the connection with a PING from Mikrotik, but select the Interface: bridge-local:

This is it. Hope it helped you in setting up the IPSec VPN connection!

The System Center Virtual Machine Manager service terminated unexpectedly

You have System Center Virtual Machine Manager 2008 R2, and when you reboot the server or restart the Virtual Machine Manager VMMService service you receive the error:

The Virtual Machine Manager service terminated unexpectedly.  It has done this x time(s).

Service Control Manager

EventID 7034


In this case we've changed the Regional Format in Control Panel from English to another format. Change the format back to English and the service will start OK.