Changes

m
no edit summary
Line 16: Line 16:  
[[File:Networking_rutos_manual_webui_basic_advanced_mode_75.gif|border|center|class=tlt-border|1102x93px]]
 
[[File:Networking_rutos_manual_webui_basic_advanced_mode_75.gif|border|center|class=tlt-border|1102x93px]]
   −
==Topology==
+
==Site to site configuration RUT public IP==
 +
----
 +
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices.
 +
===Topology===
 +
----
 
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 
   
 
   
 
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
 
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
   −
[[File:TopologijaIPsecPublicRutSingleLAN.png|border|class=tlt-border|center]]
+
[[File:Fortinet_RUT_IPsec_site_to_site_rut_public.png|border|class=tlt-border|center]]
==Site to site configuration RUT public IP==
  −
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices.
   
===Fortinet configuration===
 
===Fortinet configuration===
 +
----
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
 
----
 
----
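Review bot: The intro sentence moved under the new ==Site to site configuration RUT public IP== heading still reads "site to site IPsec vpn connection"; since the line is being relocated anyway, capitalise it as "IPsec VPN". The topology image is also swapped from TopologijaIPsecPublicRutSingleLAN.png to Fortinet_RUT_IPsec_site_to_site_rut_public.png while the RUT and Fortinet paragraphs are unchanged, so check that the new diagram shows the same addressing the text states (RUT LAN 192.168.1.0/24 with public WAN, Fortinet LAN 192.168.5.0/24 with private WAN).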
Line 39: Line 42:  
----
 
----
 
Configure everything as follows.  
 
Configure everything as follows.  
 +
 
Make the following changes:
 
Make the following changes:
 
# Remote Gateway – '''''Static IP Address;'''''
 
# Remote Gateway – '''''Static IP Address;'''''
Line 66: Line 70:     
Make the following changes:
 
Make the following changes:
 +
 
'''''Click on Advanced settings;'''''
 
'''''Click on Advanced settings;'''''
 
# Encryption – '''''AES256;'''''
 
# Encryption – '''''AES256;'''''
Line 89: Line 94:  
----
 
----
 
Then create a second firewall rule.
 
Then create a second firewall rule.
 +
 
Make the following changes:
 
Make the following changes:
 
# Incoming interface - '''''IPsec tunnel interface name (In this case it is Teltonika);'''''
 
# Incoming interface - '''''IPsec tunnel interface name (In this case it is Teltonika);'''''
Line 118: Line 124:  
----
 
----
 
Then create a new static route for blackhole.
 
Then create a new static route for blackhole.
 +
 
Make the following changes:
 
Make the following changes:
 
<table class="nd-othertables_2">
 
<table class="nd-othertables_2">
Line 138: Line 145:  
----
 
----
 
Make the following changes:
 
Make the following changes:
 +
 
# '''''Enable''''' instance;
 
# '''''Enable''''' instance;
 
# Authentication method - '''''Pre-shared key;'''''
 
# Authentication method - '''''Pre-shared key;'''''
Line 147: Line 155:  
----
 
----
 
Make the following changes:
 
Make the following changes:
 +
 
# Mode - '''''Start;'''''
 
# Mode - '''''Start;'''''
 
# Type - '''''Tunnel;'''''
 
# Type - '''''Tunnel;'''''
Line 191: Line 200:  
==Site to site configuration with multiple LANs==
 
==Site to site configuration with multiple LANs==
 
----
 
----
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices with multiple LANs. Here is the list of LANs with their subnets:
+
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices with multiple LANs.  
* Fortinet:
+
===Topology===
** LAN1: 192.168.5.0/24 with default gateway 192.168.5.99
+
----
** LAN2: 192.168.4.0/24 with default gateway 192.168.4.99
+
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN1 subnet of 192.168.1.0/24, LAN2 subnet of 192.168.2.0/24 and a WAN with Public IP, which should be reachable by the spoke.
* RUT:
+
** LAN1: 192.168.1.0/24 with default gateway 192.168.1.1
+
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN1 and LAN2 subnet. Fortinet has a LAN1 subnet of 192.168.5.0/24, LAN2 subnet of 192.168.4.0/24 a WAN with private IP.
** LAN2: 192.168.2.0/24 with default gateway 192.168.2.1
+
 
 +
[[File:Fortinet_RUT_IPsec_site_to_site_rut_public_multiple_lan.png|border|class=tlt-border|center]]
 +
 
 
===Fortinet configuration===
 
===Fortinet configuration===
 
----  
 
----  
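Review bot: The new Fortinet topology paragraph is missing a conjunction in "LAN2 subnet of 192.168.4.0/24 a WAN with private IP" (it should read "and a WAN with private IP"), and "reach RUT LAN1 and LAN2 subnet" should be "subnets". The removed bullet list was the only place that gave the default gateways (192.168.5.99, 192.168.4.99, 192.168.1.1, 192.168.2.1); the replacement paragraphs keep the subnets but drop those addresses, so either carry them into the new text or confirm that no later step in this section depends on them.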
Line 256: Line 267:  
----
 
----
 
==Site to site configuration Fortinet public IP==
 
==Site to site configuration Fortinet public IP==
 +
----
 
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' when '''Fortinet''' has a public IP and RUT is behind NAT. This setup will be similiar to Site to site configuration RUT public IP, we will need only to change network section on Fortinet and on RUT we will need to add Remote endpoint.
 
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' when '''Fortinet''' has a public IP and RUT is behind NAT. This setup will be similiar to Site to site configuration RUT public IP, we will need only to change network section on Fortinet and on RUT we will need to add Remote endpoint.
 +
===Topology===
 +
----
 +
Fortinet – Fortinet will act as a hub. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 +
 +
RUT – RUT will act as a spoke. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a hub to be able to reach Fortinet LAN subnet. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with private IP.
 +
[[File:Fortinet_RUT_IPsec_site_to_site_fortinet_public.png|border|class=tlt-border|center]]
 
===Fortinet configuration===
 
===Fortinet configuration===
 +
----
 
As for the configuration of IPsec tunnel, everything is the same, only the Network and authentication sections needs to be changed, so for other sections refer to the guide site to site.  
 
As for the configuration of IPsec tunnel, everything is the same, only the Network and authentication sections needs to be changed, so for other sections refer to the guide site to site.  
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
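Review bot: The two added Topology paragraphs ("Fortinet – Fortinet will act as a hub…" and "RUT – RUT will act as a spoke…") are plain text, while the matching paragraphs in the other two Topology sections bold the device names and roles ('''RUT''', '''Fortinet''', '''hub''', '''spoke'''); apply the same markup here for consistency. The roles are reversed in this scenario (Fortinet is the responder, RUT the initiator), so it is worth making that visible in the same way. While this section is open, the unchanged intro above it still has "similiar" and "sections needs", which could be fixed in the same edit.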
