Version:

Version:


Table of Contents

GCP Administration Guide

Download PDF
Copy Link

Configuring site-to-site VPN

To configure site-to-site VPN:
  1. On the remote site 1 FortiGate, go to VPN > IPsec Tunnels, then click Create New.
  2. On the VPN Setup tab, configure the following:
    1. For Template type, select Site to Site.
    2. For NAT configuration, select No NAT between sites.
    3. Click Next.
  3. On the Authentication tab, configure the following:
    1. In the Remote IP address field, enter the destination FortiGate public IP address. This is the spoke1 public IP address.
    2. Configure a signature ore preshared key to secure the tunnel.
    3. Click Next.
  4. On the Policy & Routing tab, configure the local and remote subnets. Note that here, the local subnet refers to the remote site subnet, and the remote subnet refers to the NCC external and internal VPC subnets. Click Next.

    Note

    Selecting all local and remote subnets should add the required firewall rules from port2 to the tunnel interface. If not, you must manually add the rules and set to allow all to try and debug the configuration. Ensure that you have added all the required local and remote subnets that need to be allowed through the tunnel.

  5. Review the configuration, then click Create.
  6. Create a similar connection from the Region 1 spoke FortiGate to the remote site 1 FortiGate. When creating this connection, on the Policy & Routing tab, ensure that you add port1 and port2 as local interfaces when creating the tunnel interface.

Configuring site-to-site VPN

To configure site-to-site VPN:
  1. On the remote site 1 FortiGate, go to VPN > IPsec Tunnels, then click Create New.
  2. On the VPN Setup tab, configure the following:
    1. For Template type, select Site to Site.
    2. For NAT configuration, select No NAT between sites.
    3. Click Next.
  3. On the Authentication tab, configure the following:
    1. In the Remote IP address field, enter the destination FortiGate public IP address. This is the spoke1 public IP address.
    2. Configure a signature ore preshared key to secure the tunnel.
    3. Click Next.
  4. On the Policy & Routing tab, configure the local and remote subnets. Note that here, the local subnet refers to the remote site subnet, and the remote subnet refers to the NCC external and internal VPC subnets. Click Next.

    Note

    Selecting all local and remote subnets should add the required firewall rules from port2 to the tunnel interface. If not, you must manually add the rules and set to allow all to try and debug the configuration. Ensure that you have added all the required local and remote subnets that need to be allowed through the tunnel.

  5. Review the configuration, then click Create.
  6. Create a similar connection from the Region 1 spoke FortiGate to the remote site 1 FortiGate. When creating this connection, on the Policy & Routing tab, ensure that you add port1 and port2 as local interfaces when creating the tunnel interface.