fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuring the two VPN peers Gateway-to-gateway configurations<br />
To create phase 1 to establish a secure connection with the remote peer<br />
1 Go to VPN > IPsec > Auto Key (IKE).<br />
2 Select Create Phase 1.<br />
3 Enter the following information, and select OK.<br />
The basic phase 2 settings associate IPsec phase 2 parameters with the phase 1<br />
configuration and specify the remote end point of the VPN tunnel. Before you define the<br />
phase 2 parameters, you need to reserve a name for the tunnel. See “Phase 2<br />
configuration” on page 31.<br />
To configure phase 2 settings<br />
1 Go to VPN > IPsec > Auto Key (IKE).<br />
2 Select Create Phase 2.<br />
3 Enter the following information, and select OK.<br />
Creating security policies<br />
Enter peer_1.<br />
Name<br />
A name to identify the VPN tunnel. This name appears in<br />
phase 2 configurations, security policies and the VPN monitor.<br />
Remote Gateway Select Static IP Address.<br />
IP Address<br />
Local Interface<br />
Enable IPsec<br />
Interface Mode<br />
Name<br />
Phase 1<br />
Enter 172.20.0.2 when configuring FortiGate_1.<br />
Enter 172.18.0.2 when configuring FortiGate_2.<br />
The IP address of the remote peer public interface.<br />
Select wan1.<br />
The FortiGate unit’s public interface.<br />
This interface cannot be a loopback interface.<br />
Select Advanced to see this setting.<br />
Enable IPsec Interface Mode to have the FortiGate unit create a<br />
virtual IPsec interface for a route-based VPN.<br />
Disable this option to create a policy-based VPN. For more<br />
information, see “Comparing policy-based or route-based<br />
VPNs” on page 22.<br />
After you select OK to create the phase 1 configuration, you<br />
cannot change this setting.<br />
Enter peer_1_p2.<br />
A name to identify this phase 2 configuration.<br />
Select peer_1.<br />
The name of the phase 1 configuration.<br />
Security policies control all IP traffic passing between a source address and a destination<br />
address.<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
72 01-434-112804-20120111<br />
http://docs.fortinet.com/