
Using IPsec VPN to provide communication between two offices


In this example, you will allow transparent communication between two networks that are located behind different FortiGates at different offices using route-based IPsec VPN. The VPN will be created on both FortiGates by using the VPN Wizard's Site to Site FortiGate template.

In this example, one office will be referred to as HQ and the other will be referred to as Branch.

1. Configuring the HQ IPsec VPN
2. Configuring the Branch IPsec VPN

1. Configuring the HQ IPsec VPN
On the HQ FortiGate, go to VPN > IPsec > Wizard and select Site to Site FortiGate.

In the Authentication step, set the Branch FortiGate's IP as the Remote Gateway (in the example, 172.20.120.142). After you enter the gateway, an available interface will be assigned as the Outgoing Interface. If you wish to use a different interface, select Change. Set a secure Pre-shared Key.

In the Policy & Routing section, set Local Interface to your lan interface. The Local Subnet will be added automatically. Set Remote Subnets to the Branch FortiGate's local subnet (in the example, 192.168.50.0/24).

A summary page shows the configuration created by the wizard, including firewall addresses, firewall address groups, a static route, and security policies.

2. Configuring the Branch IPsec VPN


On the Branch FortiGate, go to VPN > IPsec > Wizard and select Site to Site FortiGate.

In the Authentication step, set the HQ FortiGate's IP as the Remote Gateway (in the example, 172.20.120.123). After you enter the gateway, an available interface will be assigned as the Outgoing Interface. If you wish to use a different interface, select Change. Set the same Pre-shared Key that was used for HQ's VPN.

In the Policy & Routing section, set Local Interface to your lan interface. The Local Subnet will be added automatically. Set Remote Subnets to the HQ FortiGate's local subnet (in the example, 192.168.100.0/24).

A summary page shows the configuration created by the wizard, including firewall addresses, firewall address groups, a static route, and security policies.

3. Results
Go to VPN > Monitor > IPsec Monitor to verify the status of the VPN tunnel. Ensure that its Status is Up.

A user on either of the office networks should be able to connect to any address on the other office network transparently. Refresh the IPsec Monitor to verify that traffic is flowing.
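A common reason the tunnel stays down or passes no traffic is that the two wizard runs do not mirror each other. The check below is an added example, not part of the original recipe or any Fortinet code; `SiteVpn` and `check_pair` are hypothetical names, and it assumes each wizard's field values are copied in by hand.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass
class SiteVpn:  # hypothetical record of one wizard run
    name: str
    wan_ip: str            # address of this unit's Outgoing Interface
    remote_gateway: str    # wizard field "Remote Gateway"
    local_subnet: str      # wizard field "Local Subnet"
    remote_subnets: tuple  # wizard field "Remote Subnets"
    psk: str               # wizard field "Pre-shared Key"

def check_pair(a, b):
    """Return the mismatches between two wizard runs (empty list = mirrored)."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        if ipaddress.ip_address(me.remote_gateway) != ipaddress.ip_address(peer.wan_ip):
            problems.append(f"{me.name}: Remote Gateway {me.remote_gateway} "
                            f"is not {peer.name}'s IP {peer.wan_ip}")
        wanted = ipaddress.ip_network(peer.local_subnet)
        if wanted not in {ipaddress.ip_network(s) for s in me.remote_subnets}:
            problems.append(f"{me.name}: Remote Subnets lack {peer.name}'s "
                            f"local subnet {wanted}")
    if a.psk != b.psk:
        problems.append("Pre-shared Key differs between the two units")
    if ipaddress.ip_network(a.local_subnet).overlaps(ipaddress.ip_network(b.local_subnet)):
        problems.append("Local subnets overlap, so routing between offices is ambiguous")
    return problems

# Addresses and subnets are the ones used in this example; the key is a
# constructed placeholder, not a value from the page.
PSK = "constructed-placeholder-key"
HQ = SiteVpn("HQ", "172.20.120.123", "172.20.120.142",
             "192.168.100.0/24", ("192.168.50.0/24",), PSK)
BRANCH = SiteVpn("Branch", "172.20.120.142", "172.20.120.123",
                 "192.168.50.0/24", ("192.168.100.0/24",), PSK)
# Constructed mistake: Branch wizard filled in with HQ's values and a mistyped key.
BAD_BRANCH = replace(BRANCH, remote_gateway="172.20.120.142",
                     remote_subnets=("192.168.50.0/24",), psk=PSK + "x")

if __name__ == "__main__":
    for label, peer in (("as documented", BRANCH), ("with mistakes", BAD_BRANCH)):
        issues = check_pair(HQ, peer)
        print(label, "->", "OK" if not issues else issues)
```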
