Ipsec VPN PDF

This document outlines the steps to configure an IPsec VPN between a company headquarters and branch office using two FortiGate firewalls. The steps include: 1) configuring the Phase 1 and 2 settings on the HQ FortiGate; 2) adding address objects for the HQ and branch networks; 3) creating IPsec policies to allow traffic between the networks; 4) repeating steps 1-3 on the branch FortiGate; and 5) verifying the VPN tunnel is established and users on each network can communicate.

1. Configure the HQ IPsec VPN Phase 1 and Phase 2 settings
2. Add HQ addresses for the local and remote LAN on the HQ FortiGate unit
3. Create an HQ IPsec security policy
4. Configure the Branch IPsec VPN Phase 1 and Phase 2 settings
5. Add Branch addresses for the local and remote LAN on the Branch FortiGate unit
6. Create a branch IPsec security policy
7. Results
Protecting communication between company headquarters and branch offices using IPsec VPN

This example uses a gateway-to-gateway IPsec VPN, and assumes that both offices have connections to the Internet with static IP addresses. This configuration uses a policy-based IPsec VPN.
[Network diagram] HQ FortiGate: port3 172.20.120.141 (Internet), port1 192.168.1.99/24 (Internal Network, HQ). Branch FortiGate: wan1 172.20.120.123 (Internet), port4 10.10.1.99/24 (Internal Network, Branch). The two units are joined across the Internet by the IPsec tunnel.
Step One: Configure the HQ IPsec VPN Phase 1 and Phase 2 settings

Go to VPN > IPsec > Auto Key (IKE). Select Create New Phase 1.

Go to VPN > IPsec > Auto Key (IKE). Select Create New Phase 2.
Step Two: Add HQ addresses for the local and remote LAN on the HQ FortiGate unit

Go to Firewall Objects > Address > Address. Create a local address and a remote LAN address.

Step Three: Create an HQ IPsec security policy

Go to Policy > Policy > Policy. When complete, make sure it is at the top of the policy list by clicking on the policy sequence number and dragging the row to the top of the policy table.
Step Four: Configure the branch IPsec VPN Phase 1 and Phase 2 settings

Go to VPN > IPsec > Auto Key (IKE). Select Create New Phase 1.

Go to VPN > IPsec > Auto Key (IKE). Select Create New Phase 2.
Step Five: Add branch addresses for the local and remote LAN on the branch FortiGate unit

Go to Firewall Objects > Address > Address. Create a local address and a remote LAN address.

Step Six: Create a branch IPsec security policy

Go to Policy > Policy > Policy. When complete, make sure it is at the top of the policy list by clicking on the policy sequence number and dragging the row to the top of the policy table.
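The six GUI steps above, written out as the equivalent FortiOS CLI for both units so the mirroring is visible. This is an added example, not configuration from the original cookbook: the phase 1/phase 2/address/policy names, the proposal and DH-group choices, and the pre-shared-key placeholder are assumptions, and the interface roles (HQ port3/port1, Branch wan1/port4) are taken from the diagram. The syntax is the policy-based form (`set action ipsec` with `vpntunnel`) of FortiOS 5.x; later releases that only support interface-based VPN use `phase1-interface` and accept policies on the tunnel interface instead.

```fortios
# --- HQ FortiGate (Steps 1-3) ---
# Interface roles (port3 = Internet, port1 = HQ LAN) are assumed from the diagram.
config vpn ipsec phase1
    edit "HQ-to-Branch"
        set interface "port3"
        set remote-gw 172.20.120.123          # Branch wan1
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>   # identical on both units
    next
end
config vpn ipsec phase2
    edit "HQ-to-Branch-P2"
        set phase1name "HQ-to-Branch"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set src-subnet 192.168.1.0 255.255.255.0   # local: HQ LAN
        set dst-subnet 10.10.1.0 255.255.255.0     # remote: Branch LAN
    next
end
config firewall address
    edit "HQ-LAN"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "Branch-LAN"
        set subnet 10.10.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0                                    # then move it to the top of the list
        set srcintf "port1"
        set dstintf "port3"
        set srcaddr "HQ-LAN"
        set dstaddr "Branch-LAN"
        set action ipsec
        set vpntunnel "HQ-to-Branch"
        set inbound enable
        set outbound enable
        set schedule "always"
        set service "ALL"
    next
end

# --- Branch FortiGate (Steps 4-6): the mirror image ---
# Interface roles (wan1 = Internet, port4 = Branch LAN) are assumed from the diagram.
config vpn ipsec phase1
    edit "Branch-to-HQ"
        set interface "wan1"
        set remote-gw 172.20.120.141          # HQ port3
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>   # same key as on HQ
    next
end
config vpn ipsec phase2
    edit "Branch-to-HQ-P2"
        set phase1name "Branch-to-HQ"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set src-subnet 10.10.1.0 255.255.255.0     # local: Branch LAN (HQ's dst-subnet)
        set dst-subnet 192.168.1.0 255.255.255.0   # remote: HQ LAN (HQ's src-subnet)
    next
end
config firewall address
    edit "Branch-LAN"
        set subnet 10.10.1.0 255.255.255.0
    next
    edit "HQ-LAN"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set srcintf "port4"
        set dstintf "wan1"
        set srcaddr "Branch-LAN"
        set dstaddr "HQ-LAN"
        set action ipsec
        set vpntunnel "Branch-to-HQ"
        set inbound enable
        set outbound enable
        set schedule "always"
        set service "ALL"
    next
end
```

The three values that must agree on both sides are the pre-shared key, the phase 1 and phase 2 proposals (including the DH group), and the phase 2 selectors, which are swapped, not copied: HQ's dst-subnet is Branch's src-subnet. A phase 2 selector mismatch is the usual reason a tunnel negotiates phase 1 but never passes traffic. Use a long random pre-shared key rather than a passphrase, and keep the IPsec policy at the top of the list so no earlier accept or deny rule matches the inter-office traffic first.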
Results

Go to VPN > Monitor > IPSec Monitor to verify the status of the VPN tunnel. It should be up.

From the headquarters FortiGate unit go to Log & Report > Traffic Log > Forward Traffic.

From the branch FortiGate unit go to Log & Report > Traffic Log > Forward Traffic.

A user on either of the office networks should be able to connect to any address on the other office network transparently. For example, from a PC on the branch office with IP address 10.10.1.100 you should be able to ping a device on the headquarters network with the IP address 192.168.1.114 and vice versa.
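The same verification from the CLI, as an added example rather than part of the original cookbook. It assumes the addresses from the diagram and the Results section, and FortiOS 5.x/6.x command syntax, which differs slightly in other releases (the IKE log filter keywords in particular).

```fortios
# Run on the HQ FortiGate; swap the addresses to run it on the Branch unit.
# Constructed example; command syntax assumed for FortiOS 5.x/6.x.
diagnose vpn ike gateway list           # Phase 1: the 172.20.120.123 gateway should be established
diagnose vpn tunnel list                # Phase 2: SAs for 192.168.1.0/24 <-> 10.10.1.0/24, with packet counters
execute ping-options source 192.168.1.99
execute ping 10.10.1.100                # source address must fall inside the phase 2 selector
# If the tunnel stays down, trace the IKE negotiation with this peer only:
diagnose vpn ike log-filter dst-addr4 172.20.120.123
diagnose debug application ike -1
diagnose debug enable
# ... reproduce the problem (re-run the ping), then stop the trace:
diagnose debug disable
diagnose debug reset
```

Pinging from the FortiGate itself without setting the source address sends the probe from the outgoing interface address, which is outside the 192.168.1.0/24 selector and so never enters the tunnel; that is the most common false alarm when testing from the unit rather than from a LAN host. The IKE trace shows which side rejects the proposal or the selector, which the IPsec Monitor page does not.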