FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Redundant <strong>VPN</strong> configurations<br />
Configure the <strong>VPN</strong> peers - route-based <strong>VPN</strong><br />
Configure the <strong>VPN</strong> peers - route-based <strong>VPN</strong><br />
Configure each <strong>VPN</strong> peer as follows:<br />
1 Ensure that the interfaces used in the <strong>VPN</strong> have static IP addresses.<br />
2 Create a phase 1 configuration for each of the paths between the peers. Enable<br />
<strong>IPSec</strong> Interface mode so that this creates a virtual <strong>IPSec</strong> interface. Enable dead<br />
peer detection so that one of the other paths is activated if this path fails.<br />
Enter these settings in particular:<br />
Path 1<br />
Remote Gateway<br />
IP Address<br />
Select Static IP Address.<br />
Type the IP address of the primary interface of the<br />
remote peer.<br />
Local Interface<br />
Select the primary public interface of this peer.<br />
Enable <strong>IPSec</strong> Interface Mode Enable<br />
Dead Peer Detection<br />
Enable<br />
Other settings as required by <strong>VPN</strong>.<br />
Path 2<br />
Remote Gateway<br />
IP Address<br />
Select Static IP Address.<br />
Type the IP address of the secondary interface of the<br />
remote peer.<br />
Local Interface<br />
Select the primary public interface of this peer.<br />
Enable <strong>IPSec</strong> Interface Mode Enable<br />
Dead Peer Detection<br />
Enable<br />
Other settings as required by <strong>VPN</strong>.<br />
Path 3<br />
Remote Gateway<br />
IP Address<br />
Select Static IP Address.<br />
Type the IP address of the primary interface of the<br />
remote peer.<br />
Local Interface<br />
Select the secondary public interface of this peer.<br />
Enable <strong>IPSec</strong> Interface Mode Enable<br />
Dead Peer Detection<br />
Enable<br />
Other settings as required by <strong>VPN</strong>.<br />
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
01-30005-0065-20070716 85