FortiGate IPsec LAN-LAN VPN Setup

dorian5
Mar 7, 2023


True, LAN-to-LAN IPsec VPNs are older technology, but both Cisco and Fortinet want you to learn their configuration for certification exams, so today we are creating an IPsec tunnel between two FortiGates. The super-simple network topology looks like this.

I used the IPsec VPN Wizard to build the configuration. It was very straightforward. I will show the configuration and troubleshooting info from FortiGate 1 only. FortiGate 2 will look very similar.

Network interfaces. I assigned the IPs to the physical interfaces. The IPsec Wizard created the tunnel interface.

Static Routes created by the Wizard

IPsec tunnel created by the Wizard

Policy created by the Wizard

Events → VPN log messages. Note that initially the tunnel wasn’t coming up. I found that I had fat-fingered the pre-shared key on FortiGate 2. The comments in the log messages (cut off in the screenshot) suggest a PSK mismatch. Once I fixed the PSK, the tunnel came up.
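The same diagnosis can be pulled from exported VPN event logs instead of the GUI. The script below is an added example, not part of the original post: the log lines are constructed, and the field names (`remip`, `status`, `reason`) and reason strings are assumptions about the key=value event format, so adjust them to what your firmware emits.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS-style key=value form (not from the post).
# Field names and reason strings are assumptions for illustration.
SAMPLE_LOG = '''\
date=2023-03-07 time=10:01:12 type="event" subtype="vpn" logdesc="IPsec phase 1 error" remip=203.0.113.2 locip=198.51.100.1 status="negotiate_error" reason="probable pre-shared key mismatch"
date=2023-03-07 time=10:01:42 type="event" subtype="vpn" logdesc="IPsec phase 1 error" remip=203.0.113.2 locip=198.51.100.1 status="negotiate_error" reason="probable pre-shared key mismatch"
date=2023-03-07 time=10:02:05 type="event" subtype="vpn" logdesc="IPsec phase 1 error" remip=192.0.2.77 locip=198.51.100.1 status="negotiate_error" reason="peer SA proposal not match local policy"
date=2023-03-07 time=10:06:30 type="event" subtype="vpn" logdesc="Progress IPsec phase 1" remip=203.0.113.2 locip=198.51.100.1 status="success" msg="progress IPsec phase 1"
'''

PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
PSK_HINT = re.compile(r'pre-?shared|psk', re.IGNORECASE)

def parse_line(line):
    """Split one key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for m in PAIR.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields

def summarize(log_text):
    """Per remote peer: phase 1 failure count, reasons seen, and current state."""
    peers = defaultdict(lambda: {"failures": 0, "psk_suspected": False,
                                 "recovered": False, "reasons": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("subtype") != "vpn" or "remip" not in ev:
            continue
        peer = peers[ev["remip"]]
        if ev.get("status") == "negotiate_error":
            reason = ev.get("reason", "unknown")
            peer["failures"] += 1
            peer["recovered"] = False          # a later failure cancels an earlier success
            peer["reasons"].add(reason)
            peer["psk_suspected"] |= bool(PSK_HINT.search(reason))
        elif ev.get("status") == "success":
            peer["recovered"] = True
    return dict(peers)

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

A peer that shows PSK-mismatch failures followed by a success matches the typo-then-fix pattern described above; failures from an address that is not a configured remote gateway are worth reviewing separately.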

Routing table showing the new static route for the tunnel.
