Fortinet FortiWAN User Manual

Fortinet FortiWAN
311 pages
IPSec set up IPSec
Routing Rule   Local endpoint (Site A)        Remote endpoint (Site B)
Source         192.168.10.0/255.255.255.0     192.168.100.0/255.255.255.0
Destination    192.168.100.0/255.255.255.0    192.168.10.0/255.255.255.0
Service        Any                            Any
Group          Tunnel_Group_AB                Tunnel_Group_BA
Fail-Over      NO-ACTION                      NO-ACTION
A packet matching the rule is delivered to the appropriate tunnel according to the Tunnel Routing algorithm (in other
words, a packet matching the rule is GRE encapsulated and delivered to the appropriate WAN port). The IPSec SAs
established on the tunnels guarantee the privacy of transmission on the tunnels by encrypting the packets before they
are transferred outward.
The pair of Local IP and Remote IP is the link that associates a GRE tunnel with an IPSec Transport mode SA; make
sure the two configurations are equal on this pair. Do not configure a Tunnel mode Phase 1 with the
Local IP and Remote IP of a TR tunnel and a Phase 2 Quick Mode selector equal to a TR routing
rule, or Tunnel Routing will fail.
For the details of Tunnel Routing, see "Tunnel Routing".
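The consistency rules above can be checked before deployment. The following is an added example, not taken from the FortiWAN handbook: the dict layout, the function names and the WAN addresses (documentation-range placeholders) are assumptions, while the subnets come from the routing rule table. Treating mirrored endpoints and rules as a requirement is also an assumption drawn from that table.

```python
from ipaddress import ip_network

# Constructed sample data in a hypothetical dict layout (not FortiWAN's config format).
# WAN addresses are documentation-range placeholders; subnets come from the table above.
SITE_A = {
    "tr_tunnels": [("203.0.113.1", "198.51.100.1")],          # (Local IP, Remote IP)
    "tr_rules": [("192.168.10.0/255.255.255.0", "192.168.100.0/255.255.255.0")],
    "ipsec": [{"mode": "transport", "local": "203.0.113.1", "remote": "198.51.100.1",
               "selectors": []}],
}
SITE_B = {
    "tr_tunnels": [("198.51.100.1", "203.0.113.1")],
    "tr_rules": [("192.168.100.0/255.255.255.0", "192.168.10.0/255.255.255.0")],
    "ipsec": [{"mode": "transport", "local": "198.51.100.1", "remote": "203.0.113.1",
               "selectors": []}],
}

def _rules(site):
    return {(ip_network(s), ip_network(d)) for s, d in site["tr_rules"]}

def check_site(site):
    """Findings for one unit: unprotected tunnels and the forbidden Tunnel mode overlap."""
    findings = []
    transport = {(p["local"], p["remote"]) for p in site["ipsec"] if p["mode"] == "transport"}
    for pair in site["tr_tunnels"]:
        if pair not in transport:
            findings.append(f"GRE tunnel {pair} has no Transport mode SA with the same IP pair")
    for p in site["ipsec"]:
        if p["mode"] != "tunnel" or (p["local"], p["remote"]) not in site["tr_tunnels"]:
            continue
        for s, d in p["selectors"]:
            if (ip_network(s), ip_network(d)) in _rules(site):
                findings.append(f"Tunnel mode Phase 1 {p['local']}->{p['remote']} reuses a TR "
                                f"tunnel's IPs and its selector {s}->{d} equals a TR routing rule")
    return findings

def check_pair(a, b):
    """Findings across both units: endpoints and routing rules must mirror each other."""
    findings = check_site(a) + check_site(b)
    if {(r, l) for l, r in a["tr_tunnels"]} != set(b["tr_tunnels"]):
        findings.append("TR tunnel Local/Remote IP pairs are not mirrored between the units")
    if {(d, s) for s, d in _rules(a)} != _rules(b):
        findings.append("TR routing rules are not mirrored between the units")
    return findings

if __name__ == "__main__":
    for line in check_pair(SITE_A, SITE_B) or ["configuration is consistent"]:
        print(line)
```

An empty result means every GRE tunnel has a Transport mode SA on the same Local IP/Remote IP pair and no Tunnel mode definition collides with a TR routing rule.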
Procedures to set up a Tunnel Routing over IPSec Transport mode
To set up Tunnel Routing over IPSec Transport mode, we suggest the following steps:
1. Configure Network Settings on both units.
2. Define correspondent Auto Routing policies on both units.
3. Configure the settings of IPSec Transport mode Phase 1 and Phase 2 on both units.
4. Define Tunnel Routing policies and routing rules on both units.
Establish IPSec VPN with FortiGate
FortiWAN supports IPSec VPN established with a FortiGate unit. However, the deployment of IPSec VPN
between FortiWAN and FortiGate is limited by the specification of FortiWAN's IPSec (see "About FortiWAN
IPSec VPN"). For example, IPSec Transport mode, IKE v2, authentication with certificates, IKE Phase 1 aggressive
mode, NAT traversal, dynamic IP address, and some algorithms are not supported for this deployment. The following
example shows how to set up a simple IPSec VPN (Tunnel mode) between a FortiWAN and a FortiGate:
FortiWAN Handbook
Fortinet Technologies Inc.
207
