create_share
Explorer
October 13, 2024
Question

Correct way of Creating IPSec with Multiple Gateways


Hi,

What is the correct way to create IPSec tunnels when the head office has multiple WAN interfaces, while the branch office has only one? Should I create two tunnels in the Head Office?

Thanks.

1 reply

Toshi_Esumi
SuperUser
October 14, 2024

That depends on how you want to utilize those two IPsecs (could be one). Like...
1. you want to make one of them a backup/standby
2. you want to load-balance
3. you want to route different destinations at the HQ to different tunnels.

If 1 or 3, you can simply create two IPsecs on both sides. You would specify the outgoing interface at HQ so it wouldn't be a problem when the gateway-ip is the same branch IP.
For 2, if you don't care much how it would be balanced, I suggest "IPsec aggregate" and use the default distribution logic. As long as HQ side has two IPs, it should work as well.
https://docs.fortinet.com/document/fortigate/7.4.5/administration-guide/779544/packet-distribution-and-redundancy-for-aggregate-ipsec-tunnels

Toshi
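A sketch of the HQ side of option 2 from the reply above, added here as an illustration and not taken from the thread or from Fortinet's documentation. The tunnel and aggregate names, the `wan1`/`wan2` interface names, the branch address 198.51.100.10 (a documentation range) and the pre-shared key are constructed placeholders.

```text
# HQ FortiGate (all names and addresses below are assumed placeholders).
# One phase1 per WAN interface; both point at the same branch IP,
# which works because each tunnel is bound to its own outgoing interface.
config vpn ipsec phase1-interface
    edit "br1-wan1"
        set interface "wan1"
        set aggregate-member enable
        set remote-gw 198.51.100.10
        set psksecret <PSK-PLACEHOLDER>
    next
    edit "br1-wan2"
        set interface "wan2"
        set aggregate-member enable
        set remote-gw 198.51.100.10
        set psksecret <PSK-PLACEHOLDER>
    next
end

config vpn ipsec phase2-interface
    edit "br1-wan1-p2"
        set phase1name "br1-wan1"
    next
    edit "br1-wan2-p2"
        set phase1name "br1-wan2"
    next
end

# Bundle both tunnels; the algorithm is left unset so the default
# distribution logic applies, as the reply suggests.
config system ipsec-aggregate
    edit "agg-br1"
        set member "br1-wan1" "br1-wan2"
    next
end
```

Routes and firewall policies then reference `agg-br1` rather than the member tunnels, and the branch needs the mirror image: two tunnels from its single WAN interface, one to each HQ address, in its own aggregate.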