Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shane_caznet
New Contributor

Encrypting traffic between two public IPs

Hi All

Not really sure how to do this (or if its possible).

 

Essentially I want to ensure traffic (which is normally unencrypted) can be sent securely accross the internet. I can't create a "route based VPN" between the two sites. All I need to do is create a policy (I'm assuming IPSEC) between two public IPs, and tell the respective Fortigate's at each end to encrypt/decrypt any traffic which flows between those two points.

 

For example, public IPs 100.100.100.100 and 200.200.200.200

Fortigate 100D with FortiOS 5.2.5 at each end

 

We want to encrypt (with a preshared key) any traffic travelling between these two Firewalls public IPs irrespective of protocol etc. I thought this would be a Policy Based IPSEC, but I wasn't able to get it to work. I see traffic going out on the correct rule after setting Action = Ipsec, but no packets shown on the destination device.

 

Any advice on direction would be appreciated.

2 REPLIES 2
shane_caznet
New Contributor

The logs on the destination Fortigate show the following:

 

peer SA proposal not match local policy

 

I have read that this could be caused by the fact that we also have a dial up VPN configured on the same Fortigate and they are conflicting. 

finjoe
New Contributor

This procedure applies to both peers. Repeat the procedure on each FortiGate unit, using the correct IP address for each. You may wish to vary the Phase 1 names but this is optional. Otherwise all steps are the same for each peer.

This is the best solution for you!

 http://help.fortinet.com/...nfig_Two_VPN_Peers.htm

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors