
Saturday, December 24, 2016

Fortigate - Site to Site IPsec VPN Tunnel using Fortigate 30D & 100D


Part 1 : Branch Office configuration


Step 1 - Login to Fortigate 30D and check the details (Branch).


Step 2 - Before changing anything, take a backup of the configuration.
 

Step 3 - Create a Fortigate DDNS entry, so the unit can be reached through a domain name.

Dynamic DNS is very helpful if your Internet Service Provider gives you a DHCP address. Fortinet hosts its own Dynamic DNS servers, which are configurable in the GUI. Using their servers lets you access your Fortigate via a DNS name that updates automatically when your IP address changes.

After that, check online that the name resolves.

Step 4 - Now, we need to create the VPN tunnel using IPsec on the 30D at the branch office.
Here, I am choosing a custom VPN tunnel, so this section has to be configured manually.
In the Authentication step, set the HO (Head Office) FortiGate’s IP as the Remote Gateway. Set the same Pre-shared Key for the HO’s VPN and the Branch VPN.

Step 5 - After the IPsec VPN is created, a VPN interface is created automatically. Then create a zone and add the IPsec VPN interface to this zone.

Step 6 - Create a new policy for VPN communication, LAN to VPN and VPN to LAN.


Step 7 - Create a static route Branch to HO.


Part 2 : Head Office configuration


Step 8 - Before making changes, check the details and back up the configuration file.

Step 9 - Create the IPsec VPN tunnel Phase1 and Phase2.
Here, we select the 'Dynamic DNS' option as the Remote Gateway and enter the Branch DDNS name.



Step 10 - Check the interface and create a new zone for the IPsec VPN, then add the newly created interface to it.

Step 11 - Create a new policy for IPsec VPN, LAN to VPN and VPN to LAN

Step 12 - Configure static route HO to Branch.

Step 13 - Finally, we can monitor and check the IPsec VPN connection.
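
For reference, Steps 9 to 12 on the Head Office unit expressed as FortiOS CLI, as an added example that is not taken from the original post. The tunnel, zone and interface names ("to-branch", "vpn-zone", "wan1", "lan"), both LAN subnets and the DDNS hostname are placeholder assumptions; substitute your own values.

```fortios
# Added example, HO (100D) side. Every name, subnet and hostname is a placeholder.
config vpn ipsec phase1-interface
    edit "to-branch"
        set type ddns
        set interface "wan1"
        set remotegw-ddns "branch.example.invalid"
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
        set src-subnet 10.0.1.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.255.255.0
    next
end
# Step 10: zone holding the automatically created tunnel interface
config system zone
    edit "vpn-zone"
        set interface "to-branch"
    next
end
# Step 11: one policy per direction
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "vpn-zone"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set srcintf "vpn-zone"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Step 12: route the branch LAN through the tunnel
config router static
    edit 0
        set dst 10.0.2.0 255.255.255.0
        set device "to-branch"
    next
end
```

Replacing "all" with address objects for the two LAN subnets, and "ALL" with only the services needed, keeps the tunnel policies narrower. `get vpn ipsec tunnel summary` shows from the CLI whether the tunnel is up.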

That's it...