Fortinet black logo

Cookbook

Home FortiGate / FortiOS 5.6.0 Cookbook

Configuring IPsec VPN on Branch

5.6.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.0
6.0.0
5.6.0
5.4.0
Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:125424
Download PDF

Configuring IPsec VPN on Branch

  1. On Branch, go to VPN > IPsec Wizard, and create a new tunnel.

    In the VPN Setup section, set Template Type to Site to Site.

    Set Remote Device Type to FortiGate.

    Set NAT Configuration to No NAT between sites.

  2. In the Authentication section, set IP Address to the public IP address of the HQ FortiGate (in this example, 172.25.176.62).

    After you enter the IP address, an interface is assigned as the Outgoing Interface. If you want to use a different interface, select it from the dropdown menu.

    Set the secure Pre-shared Key that was used for the VPN on HQ.

  3. In the Policy & Routing section, set Local Interface to lan. The local subnet is added automatically.

    Set Remote Subnets to the HQ network’s subnet (in this example, 192.168.65.0/24).

    Set Internet Access to None.

  4. Review the configuration summary that shows the interfaces, firewall addresses, routes, and policies.

  5. To bring up the VPN tunnel, go to Monitor > IPsec Monitor. Right-click the Status and select Bring Up.

    You might need to refresh the page before the Status shows Up.

Previous
Next

Configuring IPsec VPN on Branch

  1. On Branch, go to VPN > IPsec Wizard, and create a new tunnel.

    In the VPN Setup section, set Template Type to Site to Site.

    Set Remote Device Type to FortiGate.

    Set NAT Configuration to No NAT between sites.

  2. In the Authentication section, set IP Address to the public IP address of the HQ FortiGate (in this example, 172.25.176.62).

    After you enter the IP address, an interface is assigned as the Outgoing Interface. If you want to use a different interface, select it from the dropdown menu.

    Set the secure Pre-shared Key that was used for the VPN on HQ.

  3. In the Policy & Routing section, set Local Interface to lan. The local subnet is added automatically.

    Set Remote Subnets to the HQ network’s subnet (in this example, 192.168.65.0/24).

    Set Internet Access to None.

  4. Review the configuration summary that shows the interfaces, firewall addresses, routes, and policies.

  5. To bring up the VPN tunnel, go to Monitor > IPsec Monitor. Right-click the Status and select Bring Up.

    You might need to refresh the page before the Status shows Up.

Previous
Next