Configure Route-Based IPsec Site-to-Site VPN on a FortiGate Firewall
This article explains how to configure a route-based IPsec site-to-site VPN between two FortiGate firewalls.
Topology:
Both ends of the tunnel are FortiGate firewalls: the network behind FGT1 is “192.168.1.0/24” and the network behind FGT2 is “192.168.2.0/24”.
Configuration Of FGT1:
Under VPN >> IPsec Tunnels, click Create New and fill in the fields:
Name: Any name you like.
Template Type: Site to Site
NAT Configuration: If a NAT device sits between the two gateways, select the NAT option; otherwise select No NAT between sites.
Remote Device Type: Select FortiGate, since the other end is a FortiGate firewall.
Click Next.
Remote Device: Select IP Address, since the remote gateway is identified by its IP address in this scenario.
Remote IP Address: Enter the remote gateway IP address, “104.25.45.56”.
Outgoing Interface: Select the WAN interface on which the IPsec tunnel should be established.
Authentication Method: Either a preshared key or a signature; this scenario uses a preshared key.
Preshared Key: Enter a key (choose a long, random value); exactly the same key must be configured on the other end of the tunnel.
Local Interface: Select the interface associated with “192.168.1.0/24”.
Local Subnet: Select the local subnet, “192.168.1.0/24” in this scenario.
Remote Subnet: Select the remote subnet, “192.168.2.0/24” in this scenario.
Click Next and create the tunnel.
Because the IPsec wizard was used to create the site-to-site tunnel, the firewall automatically creates the static route and the firewall policies required for traffic to pass through the tunnel.
Configuration Of FGT2:
Under VPN >> IPsec Tunnels, click Create New and fill in the fields:
Name: Any name you like.
Template Type: Site to Site
NAT Configuration: If a NAT device sits between the two gateways, select the NAT option; otherwise select No NAT between sites.
Remote Device Type: Select FortiGate, since the other end is a FortiGate firewall.
Click Next.
Remote Device: Select IP Address, since the remote gateway is identified by its IP address in this scenario.
Remote IP Address: Enter the remote gateway IP address, “122.243.45.36”.
Outgoing Interface: Select the WAN interface on which the IPsec tunnel should be established.
Authentication Method: Either a preshared key or a signature; this scenario uses a preshared key.
Preshared Key: Enter the same key that was configured on FGT1; the two ends must match exactly.
Local Interface: Select the interface associated with “192.168.2.0/24”.
Local Subnet: Select the local subnet, “192.168.2.0/24” in this scenario.
Remote Subnet: Select the remote subnet, “192.168.1.0/24” in this scenario.
Click Next and create the tunnel.
Because the IPsec wizard was used to create the site-to-site VPN, the static route and firewall policies required for traffic to flow are created automatically.
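The wizard hides what it generates, and the two ends above are easy to get out of step (the remote gateway on one side must be the other side's WAN address, the local and remote subnets must be swapped, and the preshared key must match). The following Python script is an added example for this article, not FortiGate code: it renders the FortiOS CLI equivalent of what the wizard creates for FGT1 and for FGT2 (phase 1, phase 2, address objects, the static route over the tunnel interface and the two policies) and checks that the two ends mirror each other before anything is pasted in. The interface names (wan1, port2), the tunnel names, IKEv2 and the aes256-sha256 proposal are assumptions; the public IPs and subnets are the article's; the PSK is a placeholder.

```python
"""Render the FortiOS CLI the IPsec wizard generates for one tunnel end and check that
the two ends mirror each other before anything is pasted in. Added example for this
article, not FortiGate code: interface names (wan1, port2), the tunnel name, IKEv2 and
the aes256-sha256 proposal are assumptions; the IPs and subnets are the article's."""
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class TunnelEnd:            # the wizard's fields for one FortiGate, plus its own WAN IP
    hostname: str
    wan_if: str             # Outgoing Interface
    wan_ip: str             # this gateway's public IP (what the peer enters as Remote IP)
    remote_gw: str          # Remote IP address
    lan_if: str             # Local Interface
    local_subnet: str       # Local Subnet (CIDR)
    remote_subnet: str      # Remote Subnet (CIDR)
    psk: str                # Preshared Key

def mask(cidr: str) -> str:
    """'192.168.1.0/24' -> '192.168.1.0 255.255.255.0', the form FortiOS CLI takes."""
    net = ip_network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"

def policy(name: str, srcintf: str, dstintf: str, srcaddr: str, dstaddr: str) -> str:
    return f"""\
    edit 0
        set name "{name}"
        set srcintf "{srcintf}"
        set dstintf "{dstintf}"
        set srcaddr "{srcaddr}"
        set dstaddr "{dstaddr}"
        set action accept
        set schedule "always"
        set service "ALL"
    next
"""

def render(end: TunnelEnd, tunnel: str) -> str:
    """Phase 1/2, address objects, static route via the tunnel interface, two policies."""
    local, remote = f"{tunnel}_local", f"{tunnel}_remote"
    # policies are scoped to the two tunnel address objects rather than "all"
    policies = (policy(f"{tunnel}_out", end.lan_if, tunnel, local, remote)
                + policy(f"{tunnel}_in", tunnel, end.lan_if, remote, local))
    return f"""\
config vpn ipsec phase1-interface
    edit "{tunnel}"
        set interface "{end.wan_if}"
        set ike-version 2
        set proposal aes256-sha256
        set remote-gw {end.remote_gw}
        set psksecret {end.psk}
    next
end
config vpn ipsec phase2-interface
    edit "{tunnel}"
        set phase1name "{tunnel}"
        set proposal aes256-sha256
        set src-subnet {mask(end.local_subnet)}
        set dst-subnet {mask(end.remote_subnet)}
    next
end
config firewall address
    edit "{local}"
        set subnet {mask(end.local_subnet)}
    next
    edit "{remote}"
        set subnet {mask(end.remote_subnet)}
    next
end
config router static
    edit 0
        set dst {mask(end.remote_subnet)}
        set device "{tunnel}"
    next
end
config firewall policy
{policies}end
"""

def check_mirror(a: TunnelEnd, b: TunnelEnd) -> list:
    """Mismatches that stop phase 1/2 negotiating or leave traffic unrouted; [] if consistent."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        if me.remote_gw != peer.wan_ip:
            problems.append(f"{me.hostname}: remote gateway {me.remote_gw} is not {peer.hostname}'s WAN IP")
        if ip_network(me.remote_subnet) != ip_network(peer.local_subnet):
            problems.append(f"{me.hostname}: remote subnet {me.remote_subnet} is not {peer.hostname}'s local subnet")
        if ip_network(me.local_subnet).overlaps(ip_network(me.remote_subnet)):
            problems.append(f"{me.hostname}: local and remote subnets overlap (copy-paste error?)")
    if a.psk != b.psk:
        problems.append("preshared keys differ")
    return problems

PSK = "REPLACE-WITH-A-LONG-RANDOM-KEY"  # placeholder; the article does not show its key
FGT1 = TunnelEnd("FGT1", "wan1", "122.243.45.36", "104.25.45.56", "port2", "192.168.1.0/24", "192.168.2.0/24", PSK)
FGT2 = TunnelEnd("FGT2", "wan1", "104.25.45.56", "122.243.45.36", "port2", "192.168.2.0/24", "192.168.1.0/24", PSK)

if __name__ == "__main__":
    for end, peer in ((FGT1, FGT2), (FGT2, FGT1)):
        print(f"# ---- {end.hostname} ----\n{render(end, f'to-{peer.hostname}')}")
    print("problems:", check_mirror(FGT1, FGT2) or "none")
```

Running the script prints both configurations and "problems: none". Swapping FGT2's local subnet to 192.168.1.0/24 (so that local and remote are the same) makes check_mirror report both the overlap on FGT2 and the mismatch against FGT1's remote subnet; phase 2 selectors that do not mirror each other are the usual reason a tunnel shows as up while no traffic passes.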
Hope this article helps you 🙂