I'm struggling to get a Route Based VPN to connect end to end. Phase 1 is connecting fine.
I simply want to create an IPSec (/30) Tunnel. I will use static routes to decide what traffic traverses the tunnel.
Where should my end's IP address of the /30 be configured? I have it currently in the Tunnel Interface within Network > Interfaces.
Within the IPSec Tunnels section of VPN, what addresses should I insert into Phase 2? Do I put in the Local and Remote /30 IPs? I read somewhere else about adding 0.0.0.0/0.0.0.0. But neither seems to have worked.
At the other end is a non-Fortigate device. It has no IP addresses configured in Phase 2.
Then the GUI populates the config in the right places in the config file, which you can see in the CLI. Yes, the tunnel IP should be under the "interface". And you need to add your static routes separately.
I'm not sure what the menu looks like in the GUI for choosing those specific IPSec parameters, but the best way to confirm is to go to the CLI and check what is chosen under "config vpn ipsec phase1-interface" and "config vpn ipsec phase2-interface" and modify them as needed. I believe some of them can't be set/modified via the GUI.
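The places named in the reply above, laid out as a FortiOS CLI sketch. This is an added example, not configuration posted by either participant: the names "to-peer" and "wan1", every address and the key are constructed placeholders, and the 0.0.0.0/0 selectors assume that a peer with no Phase 2 addresses configured proposes the any-to-any selector. Lines starting with `#` are annotations, not commands to type.

```fortios
# Phase 1: binds the tunnel to the outside interface and the peer gateway.
config vpn ipsec phase1-interface
    edit "to-peer"
        set interface "wan1"
        set remote-gw 203.0.113.2
        set psksecret <pre-shared-key>
    next
end

# Phase 2: selectors only. The /30 does NOT go here on a route-based tunnel.
# Assumption: the peer proposes 0.0.0.0/0 <-> 0.0.0.0/0; both ends must match.
config vpn ipsec phase2-interface
    edit "to-peer-p2"
        set phase1name "to-peer"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# The /30 lives on the tunnel interface created by Phase 1 (same name).
# Local end is a host address; the remote end carries the /30 mask.
config system interface
    edit "to-peer"
        set ip 10.255.0.1 255.255.255.255
        set remote-ip 10.255.0.2 255.255.255.252
    next
end

# Static routes decide what traverses the tunnel (placeholder remote LAN).
config router static
    edit 0
        set dst 192.168.50.0 255.255.255.0
        set device "to-peer"
    next
end
```

On some FortiOS versions `set remote-ip` takes only the address, without a mask. A FortiGate also needs a firewall policy that references the tunnel interface before it will pass traffic over it.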