Basic site-to-site VPN with pre-shared key
This is a sample configuration of an IPsec VPN that authenticates a remote FortiGate peer with a pre-shared key.
To configure an IPsec VPN that authenticates a remote FortiGate peer with a pre-shared key in the GUI:
- Configure the HQ1 FortiGate.
  - Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
    - Enter a VPN name.
    - For Template Type, select Site to Site.
    - For Remote Device Type, select FortiGate.
    - For NAT Configuration, select No NAT Between Sites.
    - Click Next.
  - Configure the following settings for Authentication:
    - For Remote Device, select IP Address.
    - For the IP address, enter 172.16.202.1.
    - For Outgoing interface, enter port1.
    - For Authentication Method, select Pre-shared Key.
    - In the Pre-shared Key field, enter sample as the key.
    - Click Next.
  - Configure the following settings for Policy & Routing:
    - From the Local Interface dropdown menu, select the local interface.
    - Configure the Local Subnets as 10.1.100.0.
    - Configure the Remote Subnets as 172.16.101.0.
    - Click Create.
- Configure the HQ2 FortiGate.
  - Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
    - Enter a VPN name.
    - For Template Type, select Site to Site.
    - For Remote Device Type, select FortiGate.
    - For NAT Configuration, select No NAT Between Sites.
    - Click Next.
  - Configure the following settings for Authentication:
    - For Remote Device, select IP Address.
    - For the IP address, enter 172.16.200.1.
    - For Outgoing interface, enter port25.
    - For Authentication Method, select Pre-shared Key.
    - In the Pre-shared Key field, enter sample as the key.
    - Click Next.
  - Configure the following settings for Policy & Routing:
    - From the Local Int
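The two wizard runs only produce a working tunnel if their inputs mirror each other, so the following added example (not Fortinet's code) checks both units' values before they are entered: each remote IP must be the peer's WAN address, each side's remote subnets must equal the peer's local subnets without overlapping its own, and the pre-shared key must match and meet a length policy. The dictionary layout, the /24 masks, HQ2's subnets (assumed to mirror HQ1's, since that step is cut off above) and the 20-character key threshold are assumptions.

```python
from ipaddress import ip_address, ip_network

# Wizard inputs per unit; wan_ip is the address the other unit enters as its
# remote IP. Assumed: the /24 masks and HQ2's subnets mirroring HQ1's.
HQ1 = {"wan_ip": "172.16.200.1", "remote_ip": "172.16.202.1", "psk": "sample",
       "local": ["10.1.100.0/24"], "remote": ["172.16.101.0/24"]}
HQ2 = {"wan_ip": "172.16.202.1", "remote_ip": "172.16.200.1", "psk": "sample",
       "local": ["172.16.101.0/24"], "remote": ["10.1.100.0/24"]}

MIN_PSK_LEN = 20  # assumed local policy threshold, not a FortiOS limit


def parse_nets(values, label, findings):
    """Parse subnets strictly, recording malformed entries as findings."""
    nets = set()
    for value in values:
        try:
            nets.add(ip_network(value, strict=True))
        except ValueError as exc:
            findings.append(f"{label}: bad subnet {value!r}: {exc}")
    return nets


def check_pair(a, b, names=("HQ1", "HQ2")):
    """Return findings for two peers' wizard inputs; an empty list means consistent."""
    findings = []
    for side, peer, name, peer_name in ((a, b, *names), (b, a, *names[::-1])):
        try:
            if ip_address(side["remote_ip"]) != ip_address(peer["wan_ip"]):
                findings.append(f"{name}: remote IP is not {peer_name}'s WAN address")
        except ValueError as exc:
            findings.append(f"{name}: malformed IP address: {exc}")
        local = parse_nets(side["local"], f"{name} local", findings)
        remote = parse_nets(side["remote"], f"{name} remote", findings)
        peer_local = parse_nets(peer["local"], f"{peer_name} local", [])
        if remote != peer_local:
            findings.append(f"{name}: remote subnets do not match {peer_name}'s local subnets")
        # "No NAT Between Sites" relies on the two sites' ranges being disjoint.
        if any(loc.overlaps(rem) for loc in local for rem in remote):
            findings.append(f"{name}: local and remote subnets overlap")
    if a["psk"] != b["psk"]:
        findings.append("pre-shared keys differ; IKE authentication will fail")
    elif len(a["psk"]) < MIN_PSK_LEN:
        findings.append(f"pre-shared key is shorter than {MIN_PSK_LEN} characters")
    return findings


if __name__ == "__main__":
    print("\n".join(check_pair(HQ1, HQ2)) or "no findings")
```

With the values from the steps above, the only finding is the key length: `sample` is a documentation placeholder, and the pre-shared key is the sole credential authenticating the peer in this setup.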