We will create an IPsec site-to-site tunnel between two locations using the above topology.

Let’s start with Site-1.

Once we’re logged into our FortiGate we will go to VPN -> IPsec Tunnels -> Create New.

Once we click on IPsec Tunnel, we’ll get a few options and in our case we will select “Custom”.

At this point we’ll fill out the necessary information regarding Phase 1 and Phase 2 security parameters.

NOTE – The information entered here needs to match on Site-2.

Once all the security parameters have been entered, the tunnel will be created.

Next we will create a static route.

Network -> Static Routes -> Create New.

NOTE – A virtual interface is created by the FortiGate once the tunnel is created; in our case VPN-to-Site2 is created by the FortiGate, and that’s the interface we will use for the static route.

Next we will create two firewall policies (incoming and outgoing); in some cases only one policy is needed.

This is the first policy-

The second policy will be the reverse of the first policy.

Now we’ll check the status of the tunnel.

As we can see our tunnel is down because we have not configured Site2 yet.
Let’s set that up now.

We will repeat the steps above; the steps that differ are shown below.

Both sites have been configured and we can check the status of the tunnel-
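The CLI commands that show the same tunnel status as the GUI page, plus the diagnostics to reach for when a side stays down. This is an added example, not part of the original post; the tunnel name VPN-to-Site2 is from the text, the peer address 203.0.113.2 is an assumed lab value, and the log-filter syntax shown is the one used through FortiOS 7.0 (later releases rename it, so check the release's CLI reference).

```fortios
# Run on either FortiGate after both sites are configured (added example).
# One line per tunnel: state, selectors and traffic counters.
get vpn ipsec tunnel summary
# IKE SA (Phase 1): peer, IKE version, proposal negotiated, time established.
diagnose vpn ike gateway list name VPN-to-Site2
# IPsec SA (Phase 2): SPIs, selectors, bytes in and out.
diagnose vpn tunnel list name VPN-to-Site2
# If Phase 1 never completes, trace the negotiation with the assumed peer
# address filtered in, then compare proposals and the PSK with the other site.
diagnose vpn ike log-filter dst-addr4 203.0.113.2
diagnose debug application ike -1
diagnose debug enable
# Always turn tracing off again; it is verbose and costs CPU.
diagnose debug disable
diagnose debug reset
```

During the ping test, `diagnose sniffer packet any "icmp" 4` on either FortiGate shows whether echo requests enter on the LAN interface and leave on VPN-to-Site2; a request that arrives but never leaves usually points at the static route or the first policy, while a reply that never comes back points at the reverse policy on the far side.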

The VPN tunnel for both sites is up and now we can test the traffic.

We will do a simple ping test: ping from PC-Site1 to PC-Site2, and then in reverse.

Pings are successful.

The VPN tunnel is up and traffic is flowing between both locations.

Spin up a lab and try it out.