FortiGate
sjoshi (Staff)
Article Id 346845
Description

This article describes how to set up a route-based (interface mode) IKEv1 IPsec VPN with a pre-shared key between a FortiGate and a Cisco IOS router.

Scope

FortiGate.

Solution

Prerequisites:

  • FortiGate with basic configuration (interfaces, addressing and a default route).
  • Cisco IOS router with basic configuration.
  • Internet connectivity on both ends: UDP/500 (IKE) and ESP (IP protocol 50) must be reachable between the two WAN addresses, because NAT traversal is disabled in this example.

Network Topology Overview:

[Topology diagram: the FortiGate at the head office (LAN 192.168.1.0/24, WAN 192.168.3.1, the address the Cisco router peers with) and the Cisco router at the branch office (LAN 192.168.2.0/24, WAN 192.168.4.1) on different ends, connected across the internet.]

Configuration on HO side (FortiGate):

config vpn ipsec phase1-interface
    edit "HO_Side"
        set type static
        set remote-gw 192.168.4.1
        set authmethod psk
        set psksecret "salon123"
        set dhgrp 5
        set peertype any
        set proposal aes256-sha1
        set interface wan
        set nattraversal disable
        set keylife 86400
    next
end

config vpn ipsec phase2-interface
    edit "HO_Phase2"
        set phase1name "HO_Side"
        set pfs enable
        set dhgrp 5
        set keylife-type seconds
        set keylifeseconds 86400
        set proposal aes256-sha1
        set src-subnet 192.168.1.0/24
        set dst-subnet 192.168.2.0/24
    next
end

Note:
The phase1-interface and phase2-interface entries create a route-based tunnel whose virtual interface is named HO_Side. Before traffic can flow, the FortiGate also needs a static route to 192.168.2.0/24 via the HO_Side interface and firewall policies in both directions between the LAN interface and HO_Side; those steps are not shown in this article. The pre-shared key salon123 is only a placeholder for this example: use a long random secret in production, and where the router supports it prefer aes256-sha256 with DH group 14 or higher on both sides, since SHA-1 and group 5 are the weakest settings still commonly accepted. Confirm the tunnel with diagnose vpn ike gateway list (phase 1) and diagnose vpn tunnel list (phase 2 SAs and selectors) on the FortiGate.

Branch Office Router (Cisco):

conf t
! Static routes: the FortiGate LAN (192.168.1.0/24) and the FortiGate WAN subnet
! (192.168.3.0/24) via the upstream next hop 192.168.4.2, so that both the peer and
! the remote LAN are reached through the interface carrying the crypto map.
ip route 192.168.1.0 255.255.255.0 192.168.4.2
ip route 192.168.3.0 255.255.255.0 192.168.4.2
! Interesting traffic: the mirror image of the FortiGate phase 2 selectors.
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

! IKE phase 1: must match the FortiGate phase1 settings (aes256-sha1, DH group 5, 86400 s).
! A bare "encr aes" selects AES-128 on IOS and would not match the FortiGate aes256-sha1
! proposal. "hash sha" and "lifetime 86400" are the IOS defaults, written out for clarity.
crypto isakmp policy 1
 encr aes 256
 hash sha
 authentication pre-share
 group 5
 lifetime 86400
 exit
crypto isakmp key salon123 address 192.168.3.1

! IPsec phase 2: AES-256/SHA-1 with PFS group 5 and an 86400 s lifetime, as on the FortiGate.
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.168.3.1
 set pfs group5
 set security-association lifetime seconds 86400
 set transform-set VPN-TS
 match address 100
 exit

! LAN interface
interface GigabitEthernet0/0/0
 ip address 192.168.2.1 255.255.255.0
 no shutdown
 exit

! Outgoing (WAN) interface: the crypto map only takes effect once it is applied here.
interface GigabitEthernet0/0/1
 ip address 192.168.4.1 255.255.255.0
 no shutdown
 crypto map VPN-MAP
end

Verify with show crypto isakmp sa (phase 1 should reach state QM_IDLE) and show crypto ipsec sa (phase 2 encaps/decaps counters) after sending traffic from 192.168.2.0/24 to 192.168.1.0/24.
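The most common reason a FortiGate-to-Cisco tunnel fails to come up is a phase 1 or phase 2 parameter that is spelled differently on the two platforms, such as a bare encr aes (AES-128 on IOS) facing a FortiGate aes256-sha1 proposal, or an ACL that does not mirror the FortiGate selectors. The following Python script is an added example for this article, not Fortinet or Cisco code: it parses the relevant lines of both configs as given above, normalises the IOS spellings to the FortiGate proposal names, and reports any proposal, DH group, pre-shared key or selector disagreement. The embedded snippets are constructed test input transcribed from this article; the Cisco snippet deliberately keeps a bare encr aes rather than encr aes 256 so that the script demonstrates the mismatch.

```python
"""Cross-check IKEv1 phase 1/2 parameters between a FortiGate phase1/phase2-interface
config and a Cisco IOS crypto config. Added example for this article, not Fortinet or
Cisco tooling; the snippets are trimmed copies of the article's configs (constructed
input). The Cisco policy keeps a bare "encr aes", i.e. AES-128 on IOS, which does not
match the FortiGate aes256-sha1 phase 1 proposal, and the checker reports that."""
import ipaddress

FORTIGATE_CFG = """
config vpn ipsec phase1-interface
        set psksecret "salon123"
        set dhgrp 5
        set proposal aes256-sha1
end
config vpn ipsec phase2-interface
        set pfs enable
        set dhgrp 5
        set proposal aes256-sha1
        set src-subnet 192.168.1.0/24
        set dst-subnet 192.168.2.0/24
end
"""

CISCO_CFG = """
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 5
crypto isakmp key salon123 address 192.168.3.1
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set pfs group5
 set transform-set VPN-TS
 match address 100
"""

# IOS integrity-algorithm spellings mapped to the FortiGate proposal names.
IOS_HASH = {"sha": "sha1", "sha256": "sha256", "md5": "md5",
            "esp-sha-hmac": "sha1", "esp-sha256-hmac": "sha256", "esp-md5-hmac": "md5"}

def ios_cipher(words):
    """IOS AES token(s) -> FortiGate name; a bare 'aes' / 'esp-aes' is AES-128 on IOS."""
    bits = words[1] if len(words) > 1 and words[1].isdigit() else "128"
    return "aes" + bits

def parse_fortigate(cfg):
    """Collect 'set' values per config section, keyed by its name (phase1-interface, ...)."""
    phases, section = {}, None
    for line in cfg.splitlines():
        words = line.replace('"', "").split()
        if words[:3] == ["config", "vpn", "ipsec"]:
            section = phases.setdefault(words[3], {})
        elif section is not None and words[:1] == ["set"]:
            section[words[1]] = " ".join(words[2:])
    return phases

def parse_cisco(cfg):
    """Pull the ISAKMP policy, PSK, transform set, PFS group and ACL out of IOS config."""
    c = {"p1_hash": "sha1", "acl": []}   # the IOS default ISAKMP hash is SHA-1
    for line in cfg.splitlines():
        w = line.split()
        if w[:1] == ["encr"]:
            c["p1_enc"] = ios_cipher(w[1:])
        elif w[:1] == ["hash"]:
            c["p1_hash"] = IOS_HASH.get(w[1], w[1])
        elif w[:1] == ["group"]:
            c["p1_dh"] = w[1]
        elif w[:3] == ["crypto", "isakmp", "key"]:
            c["psk"] = w[3]
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            c["p2_enc"], c["p2_hash"] = ios_cipher(w[4:]), IOS_HASH.get(w[-1], w[-1])
        elif w[:2] == ["set", "pfs"]:
            c["p2_dh"] = w[2][len("group"):]
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"]:
            # ipaddress accepts the IOS wildcard (hostmask) form directly.
            c["acl"].append((ipaddress.ip_network(f"{w[4]}/{w[5]}"),
                             ipaddress.ip_network(f"{w[6]}/{w[7]}")))
    return c

def check(fgt_cfg, cisco_cfg):
    """Return human-readable mismatches; an empty list means the two sides agree."""
    f, c = parse_fortigate(fgt_cfg), parse_cisco(cisco_cfg)
    p1, p2 = f["phase1-interface"], f["phase2-interface"]
    problems = []
    for phase, p, enc, hsh, dh in (("phase1", p1, c.get("p1_enc"), c["p1_hash"], c.get("p1_dh")),
                                   ("phase2", p2, c.get("p2_enc"), c.get("p2_hash"), c.get("p2_dh"))):
        # FortiGate may offer several proposals; the single Cisco choice must be one of them.
        if f"{enc}-{hsh}" not in p["proposal"].split():
            problems.append(f"{phase} proposal: FortiGate {p['proposal']} vs Cisco {enc}-{hsh}")
        # FortiGate phase 2 dhgrp only counts when PFS is on (the default); Cisco needs 'set pfs'.
        fgt_dh = p["dhgrp"].split() if p.get("pfs", "enable") == "enable" else []
        if dh not in fgt_dh and (dh or fgt_dh):
            problems.append(f"{phase} DH group: FortiGate {'/'.join(fgt_dh) or 'PFS off'} vs Cisco {dh}")
    if p1.get("psksecret") != c.get("psk"):
        problems.append("pre-shared key: the two sides differ")
    # The Cisco ACL is written from the branch side, so it must mirror the FortiGate selectors.
    want = (ipaddress.ip_network(p2["dst-subnet"]), ipaddress.ip_network(p2["src-subnet"]))
    if want not in c["acl"]:
        problems.append(f"phase2 selectors: no Cisco ACL line for {want[0]} -> {want[1]}")
    return problems
```

For the snippets as embedded, check(FORTIGATE_CFG, CISCO_CFG) returns the single phase 1 proposal mismatch; once the Cisco policy reads encr aes 256 it returns an empty list. The parser only understands the IOS lines used in this article (ISAKMP policy, isakmp key, transform set, crypto map PFS and extended ACL), so anything beyond that, such as IKEv2 or certificate authentication, would need to be added.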