Configuring IPsec VPN on HQ

  1. On HQ, go to VPN > IPsec Wizard and create a new tunnel.

    In the VPN Setup section, set Template Type to Site to Site.

    Set Remote Device Type to FortiGate.

    Set NAT Configuration to No NAT between sites.

  2. In the Authentication section, set IP Address to the public IP address of the Branch FortiGate (in this example, 172.25.177.46).

    After you enter the IP address, an interface is assigned as the Outgoing Interface. If you want to use a different interface, select it from the dropdown menu.

    Set a secure Pre-shared Key.

  3. In the Policy & Routing section, set Local Interface to lan. The local subnet is added automatically.

    Set Remote Subnets to the Branch network’s subnet (in this example, 192.168.13.0/24).

    Set Internet Access to None.

  4. Review the configuration summary that shows the interfaces, firewall addresses, routes, and policies.

  5. To view the VPN interface created by the wizard, go to Network > Interfaces.

  6. To view the firewall addresses created by the wizard, go to Policy & Objects > Addresses.

  7. To view the routes created by the wizard, go to Network > Static Routes.

  8. To view the policies created by the wizard, go to Policy & Objects > IPv4 Policy.
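The peer address from step 2 and the address scoping from step 3 can also be checked offline against a configuration backup. The Python below is an added example, not part of the Fortinet cookbook; the tunnel name `HQ-to-Branch`, the address-object names and the embedded excerpt are assumptions constructed for illustration.

```python
import shlex

# Constructed excerpt in FortiOS CLI syntax (not from the cookbook). Tunnel and
# address-object names are assumptions; policy 2 is deliberately too broad.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "HQ-to-Branch"
        set remote-gw 172.25.177.46
    next
end
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "HQ-to-Branch"
        set srcaddr "HQ_local"
        set dstaddr "Branch_remote"
    next
    edit 2
        set srcintf "HQ-to-Branch"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "HQ_local"
    next
end
"""

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(cfg, tunnel, peer):
    findings = []
    # Step 2: the tunnel must point at the Branch FortiGate's public IP.
    p1 = cfg.get("vpn ipsec phase1-interface", {}).get(tunnel, {})
    if p1.get("remote-gw") != [peer]:
        findings.append(f"{tunnel}: remote-gw is not {peer}")
    # Step 3: policies on the tunnel should name subnets, never "all".
    for pid, pol in cfg.get("firewall policy", {}).items():
        on_tunnel = tunnel in pol.get("srcintf", []) + pol.get("dstintf", [])
        if on_tunnel and "all" in pol.get("srcaddr", []) + pol.get("dstaddr", []):
            findings.append(f"policy {pid}: address 'all' on tunnel interface")
    return findings
```

Calling `audit(parse(SAMPLE), "HQ-to-Branch", "172.25.177.46")` returns one finding, for policy 2. The parser handles only flat `config`/`edit`/`set` blocks, so nested `config` sections in a full backup need a stack-based parser.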
