Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Suh_Ahamed
New Contributor

Created on ‎06-02-2024 12:03 PM

how to create point to multiple ipsec tunnel from fortigate with Cisco Router

Hello, 

 

We have use case to create an IPSec tunnel from the Fortigate 100F firewall to the remote end Cisco Router at three different locations.  ( Point to multiple point ) . We have a single Public IP address for the WAN (/30).

 

Please advise it is possible in the FortiGate ?  please find below diagram. Ipsec-tunnel.png

Labels:
750
0 Kudos
5 REPLIES 5
Toshi_Esumi
SuperUser
SuperUser

Created on ‎06-02-2024 12:13 PM Edited on ‎06-02-2024 12:19 PM

Just treat them as three different point-to-points/IPsecs then route between them using the ipsec (phase1-) interfaces.

Toshi

742
Suh_Ahamed
New Contributor
In response to Toshi_Esumi

Created on ‎06-04-2024 09:47 PM

Hi,

 

Thnaks, other end is the cisco router and the router base IP sec tunnel is supported with the above solution? 

614
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Suh_Ahamed

Created on ‎06-04-2024 10:06 PM Edited on ‎06-05-2024 08:29 AM

Each Cisco router doesn't, or doesn't have to, know if the FGT has two more IPsecs. It's just terminating a single IPsec VPN and route all destinations into the tunnel. It's the most basic set up.
So not only Cisco but virtually any other routers that support IPsec VPN and static routing would work.


By the way, route based or policy based IPsec are just locally significant aspect of VPN setup. The other end doesn't know about it. So even if you used policy based IPSec on the cisco side and route/interface based IPsecs on the FGT side, the combination should work fine too. In other words, that doesn't matter.

Toshi 

605
Dhruvin_patel
Staff
Staff

Created on ‎06-02-2024 01:46 PM

Greetings,

 

Create three site-to-site IPsec VPN tunnels between Fortigate 100F and three remote locations.

This document will help to create a tunnel, https://community.cisco.com/legacyfs/online/attachments/discussion/configuring-ipsec-vpn-with-a-fort...

 

 Regards!

If you have found a solution, please like and accept it to make it easily accessible for others.

Dhruvin Patel
705
amrit
Staff
Staff

Created on ‎06-02-2024 01:59 PM

There shouldn't be any problem in this scenario. Multiple IPsec tunnels can be created on a single interface to multiple remote locations. 

 

Additionally: It is also possible to create multiple IPsec tunnels from the same interface to the same remote location. Please refer to this link  https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-establish-more-than-one-IPsec-tunne...

Amritpal Singh
701
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.