Configuring the IPsec VPN on Branch

  1. On Branch, go to VPN > IPsec Wizard and create a new tunnel.

    In the VPN Setup section, set Template Type to Site to Site.

    Set Remote Device Type to FortiGate.

  2. In the Authentication section, set IP Address to the public IP address of the HQ FortiGate (in this example, 172.25.176.142).

    After you enter the IP address, an interface is assigned as the Outgoing Interface. If you want to use a different interface, select it from the dropdown menu.

    Set Authentication Method to Signature.

    For the Certificate Name, select the client certificate (in this example, FortiGate-Branch).

    For the Peer Certificate CA, select the CA certificate for HQ (in this example, CA_Cert_1).

  3. In the Policy & Routing section, set Local Interface to LAN. The local subnet is added automatically.

    Set Remote Subnets to HQ’s local subnet (in this example, 192.168.37.0/24).

  4. Review the configuration summary that shows the firewall addresses, static routes, and security policies.
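The authentication and selector settings from steps 2 and 3, written as FortiOS CLI. This is an added example, not part of the original cookbook and not the wizard's own output. The tunnel name `to-HQ`, the peer object name `HQ_peer`, the interface `wan1`, and the Branch LAN subnet placeholder are assumptions; the certificate names, gateway address, and HQ subnet are the ones used on this page.

```fortios
# Peer object: only accept a remote certificate issued by the HQ CA (step 2, Peer Certificate CA)
# "HQ_peer" is a hypothetical name chosen for this example
config user peer
    edit "HQ_peer"
        set ca "CA_Cert_1"
    next
end

# Phase 1: signature (certificate) authentication toward the HQ FortiGate
# "to-HQ" and "wan1" are assumed names; use the Outgoing Interface from step 2
config vpn ipsec phase1-interface
    edit "to-HQ"
        set interface "wan1"
        set remote-gw 172.25.176.142
        set authmethod signature
        set certificate "FortiGate-Branch"
        set peertype peer
        set peer "HQ_peer"
    next
end

# Phase 2: selectors for the Branch LAN and HQ's local subnet (step 3)
# Replace the placeholder with the Branch LAN subnet added by the wizard
config vpn ipsec phase2-interface
    edit "to-HQ"
        set phase1name "to-HQ"
        set src-subnet <BRANCH_LAN_SUBNET> <NETMASK>
        set dst-subnet 192.168.37.0 255.255.255.0
    next
end

# After HQ is configured, confirm that IKE negotiated and the tunnel is up
diagnose vpn ike gateway list name to-HQ
get vpn ipsec tunnel summary
```

With `peertype peer` in place, a certificate that does not chain to `CA_Cert_1` fails phase 1 authentication; that is the check to rely on when confirming that only the HQ-issued certificate is accepted.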
