Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Configuring IPsec VPN on Branch

  1. To create a new IPsec VPN tunnel, connect to Branch, go to VPN > IPsec Wizard, and create a new tunnel.
  2. In the VPN Setup step, set Template Type to Site to Site, set Remote Device Type to FortiGate, and set NAT Configuration to No NAT between sites.

  3. In the Authentication step, set IP Address to the public IP address of the HQ FortiGate (in the example, 172.25.176.62).
  4. After you enter the IP address, the wizard automatically assigns an interface as the Outgoing Interface. If you want to use a different interface, select it from the drop-down menu.
  5. Set the secure Pre-shared Key that was used for the VPN on HQ.

  6. In the Policy & Routing step, set Local Interface to lan. The wizard adds the local subnet automatically. Set Remote Subnets to the HQ network’s subnet (in the example, 192.168.65.0/24).
  7. Set Internet Access to None.

  8. A summary page shows the configuration created by the wizard, including interfaces, firewall addresses, routes, and policies.

  9. To bring the VPN tunnel up, go to Monitor > IPsec Monitor. Right-click under Status and select Bring Up.

Configuring IPsec VPN on Branch

  1. To create a new IPsec VPN tunnel, connect to Branch, go to VPN > IPsec Wizard, and create a new tunnel.
  2. In the VPN Setup step, set Template Type to Site to Site, set Remote Device Type to FortiGate, and set NAT Configuration to No NAT between sites.

  3. In the Authentication step, set IP Address to the public IP address of the HQ FortiGate (in the example, 172.25.176.62).
  4. After you enter the IP address, the wizard automatically assigns an interface as the Outgoing Interface. If you want to use a different interface, select it from the drop-down menu.
  5. Set the secure Pre-shared Key that was used for the VPN on HQ.

  6. In the Policy & Routing step, set Local Interface to lan. The wizard adds the local subnet automatically. Set Remote Subnets to the HQ network’s subnet (in the example, 192.168.65.0/24).
  7. Set Internet Access to None.

  8. A summary page shows the configuration created by the wizard, including interfaces, firewall addresses, routes, and policies.

  9. To bring the VPN tunnel up, go to Monitor > IPsec Monitor. Right-click under Status and select Bring Up.