Changes

m
no edit summary
Line 23: Line 23:  
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 
   
 
   
'''Fortigate''' – '''Fortigate''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
+
'''Fortigate''' – '''Fortigate''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortigate has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
    
[[File:Fortinet_RUT_IPsec_site_to_site_rut_public.png|border|class=tlt-border|1102x400px|center]]
 
[[File:Fortinet_RUT_IPsec_site_to_site_rut_public.png|border|class=tlt-border|1102x400px|center]]
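Review bot: In the new Fortigate line, the sentence "It will be connected to a '''hub''' to be able to reach RUT LAN subnet." repeats the sentence before it, which already says the spoke "will be connected to the hub". The two could be merged while the line is being edited, for example: "A spoke is a client (IPsec initiator) that connects to the hub in order to reach the RUT LAN subnet." The Fortinet to Fortigate rename itself matches the rest of the line. The image name Fortinet_RUT_IPsec_site_to_site_rut_public.png in the context lines is a file reference and is correctly left unchanged.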
Line 268: Line 268:  
==Site to site configuration Fortigate public IP==
 
==Site to site configuration Fortigate public IP==
 
----
 
----
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortigate''' when '''Fortigate''' has a public IP and RUT is behind NAT. This setup will be similiar to Site to site configuration RUT public IP, we will need only to change network section on Fortinet and on RUT we will need to add Remote endpoint.
+
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortigate''' when '''Fortigate''' has a public IP and RUT is behind NAT. This setup will be similiar to Site to site configuration RUT public IP, we will need only to change network section on Fortigate and on RUT we will need to add Remote endpoint.
 
===Topology===
 
===Topology===
 
----
 
----
Fortigate – Fortigate will act as a hub. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with Public IP, which should be reachable by the spoke.
+
Fortigate – Fortigate will act as a hub. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. Fortigate has a LAN subnet of 192.168.5.0/24 and a WAN with Public IP, which should be reachable by the spoke.
    
RUT – RUT will act as a spoke. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a hub to be able to reach Fortigate LAN subnet. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with private IP.
 
RUT – RUT will act as a spoke. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a hub to be able to reach Fortigate LAN subnet. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with private IP.
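Review bot: The rewritten introduction line still carries the typo "similiar", the lower-case "vpn" and a comma splice after "RUT public IP". Since the line is being touched anyway, these can be fixed in the same edit, for example: "This setup is similar to Site to site configuration RUT public IP: only the network section on Fortigate changes, and on RUT a Remote endpoint has to be added." Turning "Site to site configuration RUT public IP" into a link to that section would also help readers who land here directly. Separately, the topology lines in this section use plain "Fortigate", "RUT", "hub" and "spoke", while the topology at Line 23 uses bold markup for the same terms; pick one style for both sections.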
Line 329: Line 329:  
[[File:Networking_ssh_manual_IPsec_configuration_test_ping_v1.png|border|class=tlt-border|506x133px|center]]
 
[[File:Networking_ssh_manual_IPsec_configuration_test_ping_v1.png|border|class=tlt-border|506x133px|center]]
 
----
 
----
To check if IPsec tunnel is working properly from '''Fortinet''', we can try pinging our '''RUT''' device by using this command in command line interface on Fortigate<code><span class="highlight" >'''exec ping 192.168.1.1'''</span></code>, if you are not able to ping '''RUT''' device, try changing the source interface from which we try pinging, by executing this command <code><span class="highlight" >'''exec ping-options source 192.168.5.99'''</span></code>:
+
To check if IPsec tunnel is working properly from '''Fortigate''', we can try pinging our '''RUT''' device by using this command in command line interface on Fortigate<code><span class="highlight" >'''exec ping 192.168.1.1'''</span></code>, if you are not able to ping '''RUT''' device, try changing the source interface from which we try pinging, by executing this command <code><span class="highlight" >'''exec ping-options source 192.168.5.99'''</span></code>:
 
[[File:Fortinet_IPsec_test_ping.png|border|class=tlt-border|center]]
 
[[File:Fortinet_IPsec_test_ping.png|border|class=tlt-border|center]]
 
----
 
----
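Review bot: In the new line the text says to change "the source interface", but the command shown, exec ping-options source 192.168.5.99, sets a source address, and the line never says what 192.168.5.99 is. It falls inside the Fortigate LAN subnet 192.168.5.0/24 given in the topology, so the sentence should state that this is the Fortigate LAN address (if that is the case) and that it is chosen so the ping originates from the subnet the tunnel carries. It should also say to repeat exec ping 192.168.1.1 after setting the option. There is also a missing space in "on Fortigate<code>", and the clause starting ", if you are not able to ping" reads better as its own sentence.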