championc
New Contributor

Problem Configuring Site to Site ROUTE BASED VPN

Hi all,


I'm struggling to get a Route Based VPN to connect end to end.  Phase 1 is connecting fine.


I simply want to create an IPSec (/30) Tunnel.  I will use static routes to decide as to what traffic traverses the tunnel.


Where should my end's IP address of the /30 be configured? I have it currently in the Tunnel Interface within Network > Interfaces.


Within the IPSec Tunnels section of VPN, what addresses should I insert into Phase 2? Do I put in the Local and Remote /30 IPs? I read somewhere else about adding 0.0.0.0/0.0.0.0. But neither seems to have worked.


At the other end is a non-FortiGate device. It has no IP addresses configured in Phase 2.

Encryption Algo: AES256

PFS: Disabled

Hash Algo: SHA256

SA life time: 3600

NAT Traversal Off


Any suggestions or pointers gratefully received.

Toshi_Esumi
Esteemed Contributor III

Did you follow some instructions like the cookbook below? You just need to modify the source/destination subnets to 0/0.

https://cookbook.fortinet...ith-two-fortigates-60/

Then the GUI populates the config at the right places in the config file, which you can see in the CLI. Yes, the tunnel IP should be under the "interface". And you need to add your static routes separately.

I'm not sure what the menu looks like in the GUI to choose those specific IPSec parameters, but the best way to confirm is to go to the CLI and check what is chosen under "config vpn ipsec phase1-interface" and "config vpn ipsec phase2-interface" and modify them as needed. I believe some of them can't be set/modified via the GUI.
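Worked example, added here as an illustration and not part of the thread or the linked cookbook: a FortiOS CLI configuration for the route-based tunnel the reply describes, showing the 0.0.0.0/0 Phase 2 selectors, the /30 on the tunnel interface (not in Phase 2), the static route, and a firewall policy pair. The tunnel name, WAN interface, peer address, /30 addresses, LAN names and remote LAN are assumed placeholders; the pre-shared key is a placeholder too. Lines beginning with `#` are annotations, not commands.

```fortios
# Phase 1: the IKE SA to the peer. Proposal, DH group and NAT-T match the
# parameters listed in the question; IKE version is left at the default and
# must match whatever the non-FortiGate peer is set to (assumption).
config vpn ipsec phase1-interface
    edit "to-remote"
        set interface "wan1"
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal disable
        set remote-gw 203.0.113.2
        set psksecret <shared-secret>
    next
end

# Phase 2: traffic selectors. 0.0.0.0/0 on both sides means "anything routed
# into the tunnel"; the /30 tunnel addresses do NOT go here. PFS off and a
# 3600 s lifetime as in the question. The peer must present the same any/any
# selector, otherwise Phase 2 will not come up even though Phase 1 does.
config vpn ipsec phase2-interface
    edit "to-remote-p2"
        set phase1name "to-remote"
        set proposal aes256-sha256
        set pfs disable
        set keylifeseconds 3600
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Tunnel interface: the local end of the /30 lives here, with the peer's end
# as remote-ip. FortiOS stores the local address with a /32 mask and puts the
# /30 mask on remote-ip. Older (5.x) builds take only the address after
# remote-ip, without a mask (assumption about version behaviour).
config system interface
    edit "to-remote"
        set ip 10.255.0.1 255.255.255.255
        set remote-ip 10.255.0.2 255.255.255.252
    next
end

# Address objects used by the policies below (assumed subnets).
config firewall address
    edit "local-lan"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "remote-lan"
        set subnet 192.168.20.0 255.255.255.0
    next
end

# Static route: with any/any selectors, routing alone decides what enters
# the tunnel, so point the remote LAN at the tunnel interface.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "to-remote"
    next
end

# Firewall policies: because the selectors are wide open, these policies are
# the real access control for the tunnel. Keep them scoped to the two LANs
# rather than "all". One policy per direction.
config firewall policy
    edit 0
        set name "lan-to-remote"
        set srcintf "internal"
        set dstintf "to-remote"
        set srcaddr "local-lan"
        set dstaddr "remote-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "remote-to-lan"
        set srcintf "to-remote"
        set dstintf "internal"
        set srcaddr "remote-lan"
        set dstaddr "local-lan"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

To check the result from the CLI, `diagnose vpn ike gateway list` shows the Phase 1 state and `diagnose vpn tunnel list` shows each Phase 2 SA with its negotiated selectors; if the FortiGate lists 0.0.0.0/0 but the peer proposes something narrower, the Phase 2 entry will stay down and the mismatch is the first thing to fix on the non-FortiGate side. `get router info routing-table all` confirms the remote LAN is routed via `to-remote`. Note that tunnel selectors of 0/0 shift all traffic control onto the static routes and the policies above, which is why the policies should name the real subnets instead of "all".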

