Hi,
Ho-BR, call manager in head office.
The IP of the phone is 10.0.2.0/24.
Call manager IP is 10.0.2.10.
Please help me to create a site-to-site VPN
so the phone can be registered.
Thanks
Hi sims,
An IPSEC VPN tunnel consists of two parts: Phase-1 and Phase-2. I like to call them "Are we allowed to talk" phase and "What are we talking about" phase. :) Here's what you'll need to know... Maybe put this in a checklist if you're not very proficient at IPSEC VPNs. These are the basics but should get you going.
Phase-1
- Encryption (AES-256, 3DES, etc)
- Hashing (SHA-1, MD5, etc)
- Authentication (Can be a pre-shared key [PSK] or certificates [PKI])
- Identity (Usually IP address but can be hostname)
- IKE version (1 or 2)
- Diffie-Hellman Group
- Lifetime
Phase-2
- Encryption (Can be same or different from Phase-1)
- Hashing (Can be same or different from Phase-1)
- Encryption Domains (These are the networks you want to have talk to each other. If Site-A is offering 10.20.30.0/24 and Site-B is offering 192.168.0.0/16, make sure they match on both sides)
- Lifetime
- Perfect Forward Secrecy (optional but will require another Diffie-Hellman Group)
All items on each side must match or else the VPN won't establish. Go into your 'Gate and configure a custom tunnel. For Site-A, your local will be 10.20.30.0/24 and your remote will be 192.168.0.0/16. You will reverse this on the other device you're configuring.
Create a Static Route to point the remote network (192.168.0.0/16) to use the VPN tunnel interface. Lastly, create your firewall policies like this:
SourceInt: Internal
DestinationInt: VPN-Interface
Source: 10.20.30.0/24
Destination: 192.168.0.0/16
Service: Whatever you want
Action: Accept
NAT: None
Log: All
If you want traffic to be initiated from the remote site, create another rule but swap the Interfaces and the Source/Destination networks.
Go into Monitor->IPSEC Monitor and bring the tunnels up.
Hope this helps,
Sean (Gr@ve_Rose)
Site: https://tcpdump101.com
Twitter: https://twitter.com/Grave_Rose
Reddit: https://reddit.com/r/tcpdump101
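
An added example, not part of the answer above: a pre-flight check in Python that applies the answer's checklist to the settings planned for both sides, reporting every item that differs, Phase-2 networks that are not mirrored or that overlap, and legacy algorithm choices. The dictionary layout, key names and sample values are assumptions made for this example; the networks are the ones used in the answer.

```python
import ipaddress

# Legacy choices many devices still offer; flagged so they are a conscious decision.
LEGACY = {"encryption": {"des", "3des"}, "hashing": {"md5", "sha1"}, "dh_group": {1, 2, 5}}
P1_KEYS = ("ike_version", "encryption", "hashing", "auth", "dh_group", "lifetime")
P2_KEYS = ("encryption", "hashing", "pfs_group", "lifetime")


def check_tunnel(a, b):
    """Return checklist differences between side A and side B, plus warnings."""
    problems = []
    for phase, keys in (("phase1", P1_KEYS), ("phase2", P2_KEYS)):
        for key in keys:
            va, vb = a[phase].get(key), b[phase].get(key)
            if va != vb:
                problems.append(f"{phase}.{key} mismatch: {va!r} vs {vb!r}")
            bad = LEGACY.get("dh_group" if key == "pfs_group" else key, set())
            for side, value in (("A", va), ("B", vb)):
                if value in bad:
                    problems.append(f"{phase}.{key} on side {side} uses legacy value {value!r}")

    def net(side, which):
        return ipaddress.ip_network(side["phase2"][which])

    # Encryption domains must be mirrored: A's local is B's remote and vice versa.
    if net(a, "local") != net(b, "remote"):
        problems.append("phase2 selectors: A local != B remote")
    if net(a, "remote") != net(b, "local"):
        problems.append("phase2 selectors: A remote != B local")
    # Overlapping local/remote ranges cannot be routed into the tunnel cleanly.
    if net(a, "local").overlaps(net(a, "remote")):
        problems.append("phase2 selectors: local and remote networks overlap")
    return problems


# Constructed sample settings (not taken from any real device).
P1 = {"ike_version": 2, "encryption": "aes256", "hashing": "sha256",
      "auth": "psk", "dh_group": 14, "lifetime": 86400}
SITE_A = {"phase1": dict(P1),
          "phase2": {"encryption": "aes256", "hashing": "sha256", "pfs_group": 14,
                     "lifetime": 43200, "local": "10.20.30.0/24", "remote": "192.168.0.0/16"}}
SITE_B = {"phase1": dict(P1, dh_group=5),  # deliberate mismatch on one side
          "phase2": dict(SITE_A["phase2"], local="192.168.0.0/16", remote="10.20.30.0/24")}

if __name__ == "__main__":
    for problem in check_tunnel(SITE_A, SITE_B):
        print(problem)
```

The addresses given in the question (phones in 10.0.2.0/24, call manager at 10.0.2.10) sit in the same /24, so if those are the two sites' networks the overlap check would report them.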