IPSec IPSec set up
| Phase 1 | Local endpoint (Site A) | Local endpoint (Site A) | Remote endpoint (Site B) | Remote endpoint (Site B) |
|---|---|---|---|---|
| Name | peers_AB_1 | peers_AB_2 | peers_BA_1 | peers_BA_2 |
| Local IP | 10.10.10.10 | 11.11.11.11 | 20.20.20.20 | 21.21.21.21 |
| Remote IP | 20.20.20.20 | 21.21.21.21 | 10.10.10.10 | 11.11.11.11 |
Next, configure Phase 2 for each of the four Phase 1 configurations above. In Transport mode, Phase 2 does not require a Quick Mode selector; only a name and an IKE proposal are required. For details of IPSec configuration, see "IPSec VPN in the Web UI".
Define Tunnel Routing policies for IPSec communications
Tunnel Routing controls how packets between the networks behind the two FortiWAN units are routed. You need to configure the two TR tunnels and the policies that route GRE packets over them.
To establish the TR tunnels, go to Service > Tunnel Routing and add a new Tunnel Group with two Group Tunnels and an appropriate balancing algorithm:
| Tunnel Group | Local endpoint (Site A) | Remote endpoint (Site B) |
|---|---|---|
| Name | Tunnel_Group_AB | Tunnel_Group_BA |
| Algorithm | Round-Robin (for example) | Round-Robin (for example) |
| Group Tunnel 1 | | |
| E | Checked | Checked |
| Local IP | 10.10.10.10 | 20.20.20.20 |
| Remote IP | 20.20.20.20 | 10.10.10.10 |
| Weight | 1 (for example) | 1 (for example) |
| Group Tunnel 2 | | |
| E | Checked | Checked |
| Local IP | 11.11.11.11 | 21.21.21.21 |
| Remote IP | 21.21.21.21 | 11.11.11.11 |
| Weight | 1 (for example) | 1 (for example) |
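The Phase 1 and Tunnel Group tables must agree with each other: each Phase 1 entry needs a mirrored entry on the other site, and each Group Tunnel should use an address pair that a Phase 1 entry on the same unit covers. The following check is an added example, not part of the handbook or of FortiWAN; the dictionary layout and the `audit` function are assumptions made for illustration, filled with the values from the two tables.

```python
from ipaddress import ip_address

# (local IP, remote IP) pairs copied from the Phase 1 and Tunnel Group tables.
PHASE1 = {
    "A": {"peers_AB_1": ("10.10.10.10", "20.20.20.20"),
          "peers_AB_2": ("11.11.11.11", "21.21.21.21")},
    "B": {"peers_BA_1": ("20.20.20.20", "10.10.10.10"),
          "peers_BA_2": ("21.21.21.21", "11.11.11.11")},
}
TUNNELS = {
    "A": {"Tunnel_Group_AB": [("10.10.10.10", "20.20.20.20"),
                              ("11.11.11.11", "21.21.21.21")]},
    "B": {"Tunnel_Group_BA": [("20.20.20.20", "10.10.10.10"),
                              ("21.21.21.21", "11.11.11.11")]},
}

def _pairs(entries):
    """Parse (local, remote) string pairs; raises ValueError on a malformed IP."""
    return {(ip_address(loc), ip_address(rem)) for loc, rem in entries}

def audit(phase1, tunnels):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    p1 = {site: _pairs(peers.values()) for site, peers in phase1.items()}
    # 1. Each Phase 1 entry needs a mirror (local/remote swapped) on the other site.
    for site, other in (("A", "B"), ("B", "A")):
        for local, remote in sorted(p1[site]):
            if (remote, local) not in p1[other]:
                findings.append(
                    f"Site {site} Phase 1 {local}->{remote} has no mirror on Site {other}")
    # 2. Each Group Tunnel must match a Phase 1 address pair on the same site;
    #    otherwise no transport-mode SA is defined for that tunnel's GRE packets.
    for site, groups in tunnels.items():
        for group, members in groups.items():
            for local, remote in sorted(_pairs(members)):
                if (local, remote) not in p1[site]:
                    findings.append(
                        f"{group}: tunnel {local}->{remote} has no matching Phase 1 entry")
    return findings

if __name__ == "__main__":
    for line in audit(PHASE1, TUNNELS) or ["plan is consistent"]:
        print(line)
```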
Next, add a new rule to Routing Rules, like this:
206 FortiWAN Handbook
Fortinet Technologies Inc.