Configuring IPsec VPN on Branch
- To create a new IPsec VPN tunnel, connect to Branch, go to VPN > IPsec Wizard, and create a new tunnel.
- In the VPN Setup step, set Template Type to Site to Site, set Remote Device Type to FortiGate, and set NAT Configuration to No NAT between sites.
- In the Authentication step, set IP Address to the public IP address of the HQ FortiGate (in the example, 172.25.176.62).
- After you enter the IP address, the wizard automatically assigns an interface as the Outgoing Interface. If you want to use a different interface, select it from the drop-down menu.
- Set Pre-shared Key to the same secure key that was used for the VPN on HQ.
- In the Policy & Routing step, set Local Interface to lan. The wizard adds the local subnet automatically. Set Remote Subnets to the HQ network’s subnet (in the example, 192.168.65.0/24).
- Set Internet Access to None.
- A summary page shows the configuration created by the wizard, including interfaces, firewall addresses, routes, and policies.
- To bring the VPN tunnel up, go to Monitor > IPsec Monitor. Right-click under Status and select Bring Up.
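
For review or change control, the settings chosen in the wizard steps above can be written out as FortiOS CLI. This is an added, hand-written example, not the wizard's generated output: the tunnel name to-HQ, the outgoing interface wan1, the address names branch-lan and hq-lan, and the placeholders in angle brackets are assumptions. Neither policy enables NAT (the CLI default), matching No NAT between sites, and no policy toward the Internet is created, matching Internet Access set to None.

```fortios
# Added example; to-HQ, wan1, branch-lan, hq-lan are assumed names.
# <PRE_SHARED_KEY> and <BRANCH_LAN_SUBNET> <MASK> are placeholders.
config vpn ipsec phase1-interface
    edit "to-HQ"
        set interface "wan1"
        set remote-gw 172.25.176.62
        set psksecret <PRE_SHARED_KEY>
    next
end
config vpn ipsec phase2-interface
    edit "to-HQ"
        set phase1name "to-HQ"
        set src-subnet <BRANCH_LAN_SUBNET> <MASK>
        set dst-subnet 192.168.65.0 255.255.255.0
    next
end
config firewall address
    edit "branch-lan"
        set subnet <BRANCH_LAN_SUBNET> <MASK>
    next
    edit "hq-lan"
        set subnet 192.168.65.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.168.65.0 255.255.255.0
        set device "to-HQ"
    next
end
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "to-HQ"
        set srcaddr "branch-lan"
        set dstaddr "hq-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set srcintf "to-HQ"
        set dstintf "lan"
        set srcaddr "hq-lan"
        set dstaddr "branch-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The wizard names its own objects and may create additional ones, so compare against the summary page rather than expecting an exact match.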