
Fortinet FortiWAN - Page 205

IPSec set up IPSec
| Auto Routing Policy | Local endpoint (Site A) | Local endpoint (Site A) | Remote endpoint (Site B) | Remote endpoint (Site B) |
|---|---|---|---|---|
| Label | IPSec_WAN1 (Any name you desire) | IPSec_WAN2 (Any name you desire) | IPSec_WAN1 (Any name you desire) | IPSec_WAN2 (Any name you desire) |
| T | Enable Threshold or not | Enable Threshold or not | Enable Threshold or not | Enable Threshold or not |
| Algorithm | Fixed | Fixed | Fixed | Fixed |
| Parameter | Only 1 is checked | Only 2 is checked | Only 1 is checked | Only 2 is checked |
Then you add two IPv4 filters like:
| Auto Routing Filter | Local endpoint (Site A) | Local endpoint (Site A) | Remote endpoint (Site B) | Remote endpoint (Site B) |
|---|---|---|---|---|
| When | All-Time | All-Time | All-Time | All-Time |
| Input Port | Any Port | Any Port | Any Port | Any Port |
| Source | 10.10.10.10 or Localhost | 11.11.11.11 or Localhost | 20.20.20.20 or Localhost | 21.21.21.21 or Localhost |
| Destination | 20.20.20.20 | 21.21.21.21 | 10.10.10.10 | 11.11.11.11 |
| Service | Any or IKE(500) | Any or IKE(500) | Any or IKE(500) | Any or IKE(500) |
| Routing Policy | IPSec_WAN1 | IPSec_WAN2 | IPSec_WAN1 | IPSec_WAN2 |
| Fail-Over Policy | NO-ACTION | NO-ACTION | NO-ACTION | NO-ACTION |
Tunnel Routing itself is responsible for routing packets over multiple tunnels, so Auto Routing policies
are not required for the packets of IPSec communication. For details of Auto Routing, see "Auto Routing". Note that
packets of IKE negotiations are generated from FortiWAN's localhost, so the Source field of an AR filter
must be configured as "Localhost" to match the negotiation traffic and direct it to the correct WAN link.
Define IPSec parameters
Next are the Phase 1 configurations for the two IPSec SAs in Transport mode. To associate an IPSec SA with a TR tunnel,
make sure the Local IP and Remote IP of the Phase 1 configuration are the same as those of the TR tunnel.
Go to Services > IPSec
Add Phase 1 configurations for the IPSec Transport mode SAs between site A's WAN 1 (10.10.10.10) and site B's WAN 1
(20.20.20.20), and between site A's WAN 1 (11.11.11.11) and site B's WAN 1 (21.21.21.21). The other parameters are not
listed here.
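The two consistency rules above (the IKE filter Source set to Localhost and pinned to one WAN link, and Phase 1 equal to a TR tunnel on Local IP and Remote IP) can be checked mechanically once the settings are written down. The following is an added example, not part of the handbook: the dict layout and the function name check_site are hypothetical, and the sample values are Site A's settings as constructed from the tables on this page.

```python
# Constructed sample of Site A's settings as listed in the tables on this page.
# The dict layout is hypothetical (not a FortiWAN export format).
AR_POLICIES = {
    "IPSec_WAN1": {"algorithm": "Fixed", "wan_links": [1]},
    "IPSec_WAN2": {"algorithm": "Fixed", "wan_links": [2]},
}
AR_FILTERS = [
    {"source": "Localhost", "destination": "20.20.20.20",
     "service": "IKE(500)", "routing_policy": "IPSec_WAN1"},
    {"source": "Localhost", "destination": "21.21.21.21",
     "service": "IKE(500)", "routing_policy": "IPSec_WAN2"},
]
TR_TUNNELS = [("10.10.10.10", "20.20.20.20"), ("11.11.11.11", "21.21.21.21")]
PHASE1 = [
    {"local_ip": "10.10.10.10", "remote_ip": "20.20.20.20"},
    {"local_ip": "11.11.11.11", "remote_ip": "21.21.21.21"},
]


def check_site(phase1, tr_tunnels, ar_filters, ar_policies):
    """Return a list of findings; an empty list means the settings agree."""
    findings = []
    for p1 in phase1:
        pair = (p1["local_ip"], p1["remote_ip"])
        # Phase 1 must equal a TR tunnel on Local IP and Remote IP.
        if pair not in tr_tunnels:
            findings.append(f"{pair}: Phase 1 endpoints match no TR tunnel")
        # Find the AR filter that steers IKE traffic towards this peer.
        flt = next((f for f in ar_filters
                    if f["destination"] == p1["remote_ip"]
                    and f["service"] in ("Any", "IKE(500)")), None)
        if flt is None:
            findings.append(f"{pair}: no AR filter covers IKE to the remote IP")
            continue
        # IKE packets originate from FortiWAN's localhost.
        if flt["source"] != "Localhost":
            findings.append(f"{pair}: filter Source is {flt['source']}, not Localhost")
        name = flt["routing_policy"]
        pol = ar_policies.get(name)
        # The routing policy must pin the traffic to exactly one WAN link.
        if pol is None or pol["algorithm"] != "Fixed" or len(pol["wan_links"]) != 1:
            findings.append(f"{pair}: policy {name} does not pin one WAN link")
    return findings


if __name__ == "__main__":
    print(check_site(PHASE1, TR_TUNNELS, AR_FILTERS, AR_POLICIES) or "consistent")
```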
FortiWAN Handbook
Fortinet Technologies Inc.