Scribd Logo
Upload

Welcome to Scribd!

  • IPSec Site-to-Site VPN Between Fortigate and Mikrotik - FASTBIT

    Uploaded by

    Acronis Concesion
    6 views16 pages
    IPSec Site-to-Site VPN between Fortigate and Mikrotik _ FASTBIT

    Original Title

    IPSec Site-to-Site VPN between Fortigate and Mikrotik _ FASTBIT

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    IPSec Site-to-Site VPN between Fortigate and Mikrotik _ FASTBIT

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views16 pages

    IPSec Site-to-Site VPN Between Fortigate and Mikrotik - FASTBIT

    Uploaded by

    Acronis Concesion
    IPSec Site-to-Site VPN between Fortigate and Mikrotik _ FASTBIT

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    IPSEC SITE­TO­SITE VPN BETWEEN

    FORTIGATE AND MIKROTIK
    Posted on April 17, 2015 by fbadmin

    Hi,

    If you are searching documentation on how to create a Site­to­Site IPSec VPN between a Fortigate and a Mikrotik
    router you found the right blog post. Below are the complete steps.

    Equipment used:

    Fortigate 60D, firmware v5.2.0. Internal LAN IP: 192.168.1.0/24
    Mikrotik RB2011UiAS. Internal LAN IP: 192.168.4.0/24

    Configure the Mikrotik:

    1. Create a NAT accept rule between the internal LAN and remote LAN:

    Details:
    2. Open IP > IPSec.

    Go to Proposals TAB and create a new proposal profile:
    Go to Policies TAB. Create a New Policy, fill in Source LAN and Destination LAN:
    On the Action TAB fill Source Address with the Mikrotik WAN Address and Destination Address with the Fortigate
    WAN IP. Check Tunnel Mode. Select the Proposl created previously:

    Go to Peers TAB and create a new IPSec Peer.
    Address: fill in the Fortigate WAN IP.
    Secret: the Pre­Shared Key (password)
    Make the rest of the settings as in the image below:

    You don't need to create other Statis routes or IPSec interfaces on the router.

    Next step, configure the Fortigate:

    Go to VPN and create a new Tunnel, with Custom – Static IP Address settings:
    Edit the settings:

    In the Network section, in IP Address fill in the WAN IP of the Mikrotik:
     

    Next in Authentication section fill in the same Pre­Shared Key as in Mikrotik:
    In Phase 1 Proposal:
     

    In XAUTH keep Disabled:
    In Phase 2 Selectors:
    Go to Monitor section, you should see the connection as Up:
    Now, we need to create the Firewall rules to accept:

    Rule 14: traffic from Fortigate LAN to go to Mikrotik02 interface to the 192.168.4.0 LAN
    Rule 15: traffic from 192.168.4.0 from the interface Mikrotik02 to Internal Fortigate LAN

    Details:

    Rule 14:
    Rule 15:
    Objects, Addresses details:
    The connection will be activated when the first traffic is matched to be sent on the IPSec tunnel. You can check
    the Installed SAs TAB, where you should find at least 2 records:

    And you can test the connection with a PING from Mikrotik, but select the Interface: bridge­local:
    This is it. Hope it helped you in seeting up the IPSec VPN connection!

    You might also like