Basic site-to-site VPN with pre-shared key

This is a sample configuration of IPsec VPN authenticating a remote FortiGate peer with a pre-shared key.

To configure IPsec VPN authenticating a remote FortiGate peer with a pre-shared key in the GUI:
  1. Configure the HQ1 FortiGate.
    1.  Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      1. Enter a VPN name.
      2. For Template Type, select Site to Site.
      3. For Remote Device Type, select FortiGate.
      4. For NAT Configuration, select No NAT Between Sites.
      5. Click Next.
    2. Configure the following settings for Authentication:
      1. For Remote Device, select IP Address.
      2. For the IP address, enter 172.16.202.1.
      3. For Outgoing interface, enter port1.
      4. For Authentication Method, select Pre-shared Key.
      5. In the Pre-shared Key field, enter sample as the key.
      6. Click Next.
    3. Configure the following settings for Policy & Routing:
      1. From the Local Interface dropdown menu, select the local interface.
      2. Configure the Local Subnets as 10.1.100.0.
      3. Configure the Remote Subnets as 172.16.101.0.
      4. Click Create.
  2. Configure the HQ2 FortiGate.
    1. Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      1. Enter a VPN name.
      2. For Template Type, select Site to Site.
      3. For Remote Device Type, select FortiGate.
      4. For NAT Configuration, select No NAT Between Sites.
      5. Click Next.
    2. Configure the following settings for Authentication:
      1. For Remote Device, select IP Address.
      2. For the IP address, enter 172.16.2001.
      3. For Outgoing interface, enter port25.
      4. For Authentication Method, select Pre-shared Key.
      5. In the Pre-shared Key field, enter sample as the key.
      6. Click Next.
    3. Configure the following settings for Policy & Routing:
      1. From the Local Int