Encrypting traffic between two public IPs

shane.caznet
2016/01/18 03:47:41

Hi All
Not really sure how to do this (or if it's possible).
 
Essentially I want to ensure traffic (which is normally unencrypted) can be sent securely across the internet. I can't create a "route based VPN" between the two sites. All I need to do is create a policy (I'm assuming IPSEC) between two public IPs, and tell the respective Fortigates at each end to encrypt/decrypt any traffic which flows between those two points.
 
For example, public IPs 100.100.100.100 and 200.200.200.200
Fortigate 100D with FortiOS 5.2.5 at each end
 
We want to encrypt (with a preshared key) any traffic travelling between these two firewalls' public IPs irrespective of protocol etc. I thought this would be a Policy Based IPSEC, but I wasn't able to get it to work. I see traffic going out on the correct rule after setting Action = Ipsec, but no packets shown on the destination device.
 
Any advice on direction would be appreciated.
#1


    shane.caznet
    Re: Encrypting traffic between two public IPs 2016/01/18 04:17:45
    The logs on the destination Fortigate show the following:
     
    peer SA proposal not match local policy
     
    I have read that this could be caused by the fact that we also have a dial up VPN configured on the same Fortigate and they are conflicting. 
    #2
    finjoe
    Re: Encrypting traffic between two public IPs 2017/11/13 23:44:42
    This procedure applies to both peers. Repeat the procedure on each FortiGate unit, using the correct IP address for each. You may wish to vary the Phase 1 names but this is optional. Otherwise all steps are the same for each peer.
    This is the best solution for you!
     http://help.fortinet.com/...nfig_Two_VPN_Peers.htm
    #3