IPSec IPSec set up
| Auto Routing Policy | Local endpoint (Site A) | Remote endpoint (Site B) |
|---|---|---|
| Label | IPSec_WAN1 (Any name you desire) | IPSec_WAN1 (Any name you desire) |
| T | Enable Threshold or not | Enable Threshold or not |
| Algorithm | Fixed | Fixed |
| Parameter | Only 1 is checked | Only 1 is checked |
Then add a filter to IPv4 Filters, for example:
| Auto Routing Filter | Local endpoint (Site A) | Remote endpoint (Site B) |
|---|---|---|
| When | All-Time | All-Time |
| Input Port | Any Port | Any Port |
| Source | 10.10.10.10 or Localhost | 20.20.20.20 or Localhost |
| Destination | 20.20.20.20 | 10.10.10.10 |
| Service | Any or IKE(500) | Any or IKE(500) |
| Routing Policy | IPSec_WAN1 | IPSec_WAN1 |
| Fail-Over Policy | NO-ACTION | NO-ACTION |
Note that because packets of IKE negotiations are generated from FortiWAN's localhost, the Source field of an AR
filter must be configured to "Localhost" to match the negotiation traffic and direct it to the correct WAN link.
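The filter values for IKE negotiation traffic can be cross-checked between the two endpoints before they are entered. The following is an added example, not part of the handbook and not a FortiWAN tool; the dict layout, the `wan_ip` key and the function names are hypothetical, and the sample data is constructed from the table values above.

```python
import copy
import ipaddress

# Constructed sample: a hypothetical dict form of the filter rows above.
SITE_A = {"wan_ip": "10.10.10.10", "filter": {
    "Source": "Localhost", "Destination": "20.20.20.20",
    "Service": "IKE(500)", "Routing Policy": "IPSec_WAN1",
    "Fail-Over Policy": "NO-ACTION"}}
SITE_B = {"wan_ip": "20.20.20.20", "filter": {
    "Source": "20.20.20.20", "Destination": "10.10.10.10",
    "Service": "Any", "Routing Policy": "IPSec_WAN1",
    "Fail-Over Policy": "NO-ACTION"}}


def same_ip(value, expected):
    """True if value parses as an IP address equal to expected."""
    try:
        return ipaddress.ip_address(value) == ipaddress.ip_address(expected)
    except ValueError:
        return False


def check_site(name, site, peer, policy_label="IPSec_WAN1"):
    """Compare one endpoint's IKE filter with the values in the table."""
    f, findings = site["filter"], []
    if f["Source"] != "Localhost" and not same_ip(f["Source"], site["wan_ip"]):
        findings.append(f"{name}: Source {f['Source']} is neither Localhost "
                        "nor this unit's WAN address")
    if not same_ip(f["Destination"], peer["wan_ip"]):
        findings.append(f"{name}: Destination {f['Destination']} is not the "
                        f"peer WAN address {peer['wan_ip']}")
    if f["Service"] not in ("Any", "IKE(500)"):
        findings.append(f"{name}: Service {f['Service']} is not Any or IKE(500)")
    if f["Routing Policy"] != policy_label:
        findings.append(f"{name}: Routing Policy is not {policy_label}")
    if f["Fail-Over Policy"] != "NO-ACTION":
        findings.append(f"{name}: Fail-Over Policy is not NO-ACTION")
    return findings


def check_pair(site_a, site_b):
    """Check both endpoints; an empty list means both match the table."""
    return (check_site("Site A", site_a, site_b)
            + check_site("Site B", site_b, site_a))


if __name__ == "__main__":
    broken_b = copy.deepcopy(SITE_B)          # constructed misconfiguration
    broken_b["filter"]["Source"] = "192.168.100.1"
    for finding in check_pair(SITE_A, broken_b) or ["no findings"]:
        print(finding)
```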
For IPSec communication packets
Routing of packets that are going to be transferred through IPsec VPN between the private networks (LANs) behind the
two sites (local and remote) is also controlled by FortiWAN's Auto Routing. It is necessary to route packets to the WAN
link that the IPSec SA is established on, so that the packets can be processed (evaluated by Quick Mode selector and
ESP encapsulated) by IPSec on the WAN port.
With the existing policy "For IPsec", you only need to add filters like the following:
| Auto Routing Filter | Local endpoint (Site A) | Remote endpoint (Site B) |
|---|---|---|
| When | All-Time | All-Time |
| Input Port | Any Port (or the LAN port, PortX) | Any Port (or the LAN port, PortX) |
| Source | 192.168.10.0/255.255.255.0 | 192.168.100.0/255.255.255.0 |
| Destination | 192.168.100.0/255.255.255.0 | 192.168.10.0/255.255.255.0 |
200 FortiWAN Handbook
Fortinet Technologies Inc.