Configuring IPsec VPN on HQ

  1. To create a new IPsec VPN tunnel, connect to HQ, go to VPN > IPsec Wizard, and create a new tunnel.
  2. In the VPN Setup step, set Template Type to Site to Site, set Remote Device Type to FortiGate, and set NAT Configuration to No NAT between sites.

  3. In the Authentication step, set IP Address to the public IP address of the Branch FortiGate (in the example, 172.25.177.46).
  4. After you enter the IP address, the wizard automatically assigns an interface as the Outgoing Interface. If you want to use a different interface, select it from the drop-down menu.
  5. Set a secure Pre-shared Key.

  6. In the Policy & Routing step, set Local Interface to lan. The wizard adds the local subnet automatically. Set Remote Subnets to the Branch network’s subnet (in the example, 192.168.13.0/24).
  7. Set Internet Access to None.

  8. A summary page shows the configuration created by the wizard, including interfaces, firewall addresses, routes, and policies.

  9. To view the VPN interface created by the wizard, go to Network > Interfaces.

  10. To view the firewall addresses created by the wizard, go to Policy & Objects > Addresses.

  11. To view the routes created by the wizard, go to Network > Static Routes.

  12. To view the policies created by the wizard, go to Policy & Objects > IPv4 Policy.
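
The same tunnel expressed as FortiOS CLI objects, as an added sketch rather than the wizard's actual output or Fortinet's own example. The tunnel name `to-Branch`, the `wan1` port, the address object names, the `aes256-sha256` proposal, and the `<...>` placeholders are assumptions; only 172.25.177.46, 192.168.13.0/24, and `lan` come from the steps above.

```fortios
# Assumed names: tunnel "to-Branch", WAN port "wan1", address objects
# "HQ_lan" / "Branch_lan". Values in <...> are placeholders to fill in.
config vpn ipsec phase1-interface
    edit "to-Branch"
        set interface "wan1"
        set peertype any
        set proposal aes256-sha256
        set remote-gw 172.25.177.46
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-Branch"
        set phase1name "to-Branch"
        set proposal aes256-sha256
        set src-subnet <HQ-LAN-network> <HQ-LAN-netmask>
        set dst-subnet 192.168.13.0 255.255.255.0
    next
end
config firewall address
    edit "HQ_lan"
        set subnet <HQ-LAN-network> <HQ-LAN-netmask>
    next
    edit "Branch_lan"
        set subnet 192.168.13.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.168.13.0 255.255.255.0
        set device "to-Branch"
    next
end
config firewall policy
    edit 0
        set name "HQ-to-Branch"
        set srcintf "lan"
        set dstintf "to-Branch"
        set srcaddr "HQ_lan"
        set dstaddr "Branch_lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Only the HQ-to-Branch direction is shown; traffic initiated from Branch needs a mirrored policy with the interfaces and addresses swapped. No policy from `lan` to the WAN port is defined here, which corresponds to setting Internet Access to None in step 7.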
