Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sarif
New Contributor II

Created on ‎05-19-2014 09:24 PM

VPN Tunnel Mode in forti OS

Hi....I want to create VPN IPSec as Tunnel Mode, but when i Create the vpn the result is Interface mode. how i change to tunnel mode in fortios 5 ? Thank you
3705
0 Kudos
4 REPLIES 4
neonbit
Valued Contributor

Created on ‎05-19-2014 09:53 PM

Hi Sarif, The two modes modes available for IPSEC VPNs are policy based VPN and route/interface based VPNs. I don' t know what a tunnel mode IPSEC VPN is (unless you' re talking about SSL VPNs). If you want to configure policy based VPNs then you' ll need to enable them in the GUI. Goto System > Config > Features and click on ' Show more' . Scroll down and enable the ' Policy-based IPSEC VPN' option then click apply. You may have to log out/in to refresh the GUI.
Preview file
128 KB
1059
0 Kudos
emnoc
Esteemed Contributor III

Created on ‎05-19-2014 09:55 PM

What do you mean you mean exactly by " tunnel mode" ? The vpn is configured as either route-base or policy-based and as phase1 or phase1-interface types. The latter is exclusive to " route-based" where you have a routed and a interface that' s defined in the next-hope of the route or you run a routing protocol over the interface. The only other type of vpn is that type that uses GRE over IPSEC, but even that still it' s a routed-based vpn by definition I would suggest you read the ipsec guide and the types of vpn http://docs.fortinet.com/uploaded/files/1086/fortigate-ipsec.pdf

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1059
0 Kudos
sarif
New Contributor II

Created on ‎05-19-2014 11:54 PM

Hi neonbit... Thank you it work...
1059
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎05-20-2014 12:30 AM

" tunnel mode" as opposed to " transport mode" is a specification of the IPsec protocol suite how the packet is encrypted. In tunnel mode, the complete packet is encrypted, in transport mode only the payload. So, Sarif mixed up 2 concepts initially. Good to know it' s working now.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
1059
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.