This is a sample configuration of a FortiGate VPN that is compatible with Cisco-style VPNs that use GRE in an IPsec tunnel. Cisco products with VPN support often run a GRE tunnel over IPsec encryption. Cisco VPNs can use either transport mode or tunnel mode IPsec.
In this example, LAN1 users are provided with access to LAN2.
There are five steps to configure GRE-over-IPsec with a FortiGate and Cisco router:
- Enable overlapping subnets.
- Configure a route-based IPsec VPN on the external interface.
- Configure a GRE tunnel on the virtual IPsec interface.
- Configure security policies.
- Configure the static route.
Overlapping subnets are required because the IPsec and GRE tunnels will use the same addresses. By default, each FortiGate network interface must be on a separate network. This configuration assigns an IPsec tunnel endpoint and the external interface to the same network.
config system settings
    set allow-subnet-overlap enable
end
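
Because this setting turns off a default sanity check, it helps to know exactly which interfaces rely on it. The following is an added example, not part of the original configuration guide: it parses a `config system interface` excerpt and lists the interface pairs whose subnets overlap. The interface names and addresses in the sample are constructed assumptions.

```python
import ipaddress
import itertools
import re

# Constructed FortiOS-style excerpt; names and addresses are assumptions.
SAMPLE_CONFIG = """
config system interface
    edit "port1"
        set ip 192.0.2.10 255.255.255.0
    next
    edit "port2"
        set ip 10.0.1.1 255.255.255.0
    next
    edit "tocisco"
        set ip 192.0.2.10 255.255.255.255
    next
end
"""

def parse_interfaces(text):
    """Return {interface name: IPv4Interface} from `edit` / `set ip` lines."""
    interfaces, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r'edit\s+"?([^"\s]+)"?', line)
        if m:
            current = m.group(1)
            continue
        m = re.fullmatch(r'set ip\s+(\S+)\s+(\S+)', line)
        if m and current:
            interfaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif line == "next":
            current = None
    return interfaces

def overlapping_pairs(interfaces):
    """List (name_a, name_b) pairs whose subnets overlap, skipping unset 0.0.0.0."""
    pairs = []
    for (a, ia), (b, ib) in itertools.combinations(sorted(interfaces.items()), 2):
        if ia.ip.is_unspecified or ib.ip.is_unspecified:
            continue
        if ia.network.overlaps(ib.network):
            pairs.append((a, b))
    return pairs

if __name__ == "__main__":
    for a, b in overlapping_pairs(parse_interfaces(SAMPLE_CONFIG)):
        print(f"{a} and {b} overlap; requires allow-subnet-overlap")
```

Any pair reported beyond the tunnel endpoint and the external interface is an overlap the setting is silently permitting and is worth reviewing.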
A route-based VPN that uses encryption and authentication algorithms compatible with the Cisco router is required. Pre-sha