Configure Route-Based IPsec Site-to-Site VPN on a FortiGate Firewall

This article explains how to configure an IPsec site-to-site VPN between two FortiGate firewalls.

Topology:

Both ends of the tunnel are FortiGate firewalls. One side of the tunnel has the network “192.168.1.0/24” and the other side has “192.168.2.0/24”.

Configuration Of FGT1:

Under VPN >> IPsec Tunnels, create a new tunnel and fill in the following fields:

Name: You can enter any name.

Template Type: Site to Site

NAT Configuration: If there is a NAT device between the sites, select NAT; otherwise select No NAT between sites.

Remote Device Type: Select FortiGate as the remote device type, since the other end is a FortiGate firewall.

Click Next.

Remote Device: Select IP Address, since we are using an IP address to establish the VPN in this scenario.

Remote IP address: Enter the remote gateway IP address, “104.25.45.56”.

Outgoing Interface: Select the WAN interface on which you want to establish the IPsec tunnel.

Authentication Method: You can set the authentication method to pre-shared key or signature. In this scenario, I am selecting pre-shared key.

Preshared Key: Enter a value for the pre-shared key. You must enter the same key on the gateway at the other end of the IPsec tunnel.

Local Interface: Select the interface that is associated with “192.168.1.0/24”.

Local Subnet: Select the local subnet, which is “192.168.1.0/24” in this scenario.

Remote Subnet: Select the remote subnet, which is “192.168.2.0/24” in this scenario.

Click Next and create the tunnel.

Since you used the IPsec wizard to create the site-to-site tunnel, the firewall automatically creates the static routes and firewall policies that are required for data to pass through the IPsec tunnel.

Configuration Of FGT2:

Under VPN >> IPsec Tunnels, create a new tunnel and fill in the following fields:

Name: You can enter any name.

Template Type: Site to Site

NAT Configuration: If there is a NAT device between the sites, select NAT; otherwise select No NAT between sites.

Remote Device Type: Select FortiGate as the remote device type, since the other end is a FortiGate firewall.

Click Next.

Remote Device: Select IP Address, since we are using an IP address to establish the VPN in this scenario.

Remote IP address: Enter the remote gateway IP address, “122.243.45.36”.

Outgoing Interface: Select the WAN interface on which you want to establish the IPsec tunnel.

Authentication Method: You can set the authentication method to pre-shared key or signature. In this scenario, I am selecting pre-shared key.

Preshared Key: Enter a value for the pre-shared key. You must enter the same key on the gateway at the other end of the IPsec tunnel.

Local Interface: Select the interface that is associated with “192.168.2.0/24”.

Local Subnet: Select the local subnet, which is “192.168.2.0/24” in this scenario.

Remote Subnet: Select the remote subnet, which is “192.168.1.0/24” in this scenario.

Click Next and create the tunnel.

Because you used the IPsec tunnel wizard to create the site-to-site VPN, the static routes and firewall policies that are required for data to pass through the tunnel are created automatically.
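The two wizard runs above only produce a working tunnel if each end's values mirror the other's. The following check is an added example, not part of the original article or of FortiOS: `TunnelEnd` and `check_pair` are hypothetical names, the pre-shared key is a constructed placeholder, and each device's WAN address is assumed to be the remote gateway address entered on the opposite device.

```python
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class TunnelEnd:
    name: str
    wan_ip: str         # address on the Outgoing Interface (assumed, see lead-in)
    remote_gw: str      # "Remote IP address" field
    psk: str            # "Preshared Key" field
    local_if_net: str   # network attached to the chosen Local Interface
    local_subnet: str   # "Local Subnet" field
    remote_subnet: str  # "Remote Subnet" field

def check_pair(a, b):
    """Return a list of mismatches between the two ends' wizard inputs."""
    problems = []
    for x, y in ((a, b), (b, a)):
        local, remote = ip_network(x.local_subnet), ip_network(x.remote_subnet)
        if ip_address(x.remote_gw) != ip_address(y.wan_ip):
            problems.append(f"{x.name}: remote gateway is not {y.name}'s WAN address")
        if local != ip_network(y.remote_subnet):
            problems.append(f"{x.name}: local subnet is not {y.name}'s remote subnet")
        if not local.subnet_of(ip_network(x.local_if_net)):
            problems.append(f"{x.name}: local subnet is not behind the local interface")
        if local.overlaps(remote):
            problems.append(f"{x.name}: local and remote subnets overlap")
    # Constant-time comparison so the check itself does not leak key contents.
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        problems.append("pre-shared keys differ")
    return problems

PSK = "constructed-example-key"  # constructed placeholder, not a real key
FGT1 = TunnelEnd("FGT1", "122.243.45.36", "104.25.45.56", PSK,
                 "192.168.1.0/24", "192.168.1.0/24", "192.168.2.0/24")
FGT2 = TunnelEnd("FGT2", "104.25.45.56", "122.243.45.36", PSK,
                 "192.168.2.0/24", "192.168.2.0/24", "192.168.1.0/24")
# Constructed mistake: FGT2's Local Subnet entered as FGT1's LAN.
FGT2_BAD = TunnelEnd("FGT2", "104.25.45.56", "122.243.45.36", PSK,
                     "192.168.2.0/24", "192.168.1.0/24", "192.168.1.0/24")

if __name__ == "__main__":
    for pair in ((FGT1, FGT2), (FGT1, FGT2_BAD)):
        print(check_pair(*pair) or "ends mirror each other")
```

An empty result means the gateways, subnets and key agree on both ends; any entry names the device and the field to correct before the tunnel is brought up.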

Hope this article helps you 🙂