Line 230: |
Line 230: |
| After setting up our IPsec instance and firewall, we will need to configure our static route accordingly. Navigate to '''Network → Static routes → and click on a Create new button.''' For that we will need to create four static route interfaces, two for blackholes and two for accessing our RUT device LAN1/LAN2, configure everything the same as for site to site, just add the LAN2. It should look like this: | | After setting up our IPsec instance and firewall, we will need to configure our static route accordingly. Navigate to '''Network → Static routes → and click on a Create new button.''' For that we will need to create four static route interfaces, two for blackholes and two for accessing our RUT device LAN1/LAN2, configure everything the same as for site to site, just add the LAN2. It should look like this: |
| [[File:Fortinet_static_route_general.png|border|class=tlt-border|center]] | | [[File:Fortinet_static_route_general.png|border|class=tlt-border|center]] |
| + | ---- |
| + | ===RUT configuration=== |
| + | Then configure the '''RUT''' device. Login to the WebUI, navigate to '''Services → VPN → IPsec and add a new IPsec instance.''' Configure everything the same like site to site configuration, only change the '''Connection general section''' accordingly. |
| + | ====Connection general section configuration==== |
| + | ---- |
| + | <table class="nd-othertables_2"> |
| + | <tr> |
| + | <th width=330; style="border-bottom: 1px solid white;></th> |
| + | <th width=800; style="border-bottom: 1px solid white;" rowspan=2>[[File:Rut_IPsec_configuration_connection_general_site_to_site_multiple_lan.png|border|class=tlt-border|center]]</th> |
| + | </tr> |
| + | <tr> |
| + | <td style="border-bottom: 4px solid white> |
| + | Make the following changes: |
| + | # Local subnet – '''''192.168.1.0/24;''''' |
| + | # '''''Click + button to add another Local subnet;''''' |
| + | # Local subnet - '''''192.168.2.0/24;''''' |
| + | # Remote subnet – '''''192.168.5.0/24;''''' |
| + | # '''''Click + button to add another Remote subnet;''''' |
| + | # Remote subnet – '''''192.168.4.0/24;''''' |
| + | # Key exchange - '''''IKEv2;''''' |
| + | </td> |
| + | </tr> |
| + | </table> |
| ---- | | ---- |
| ==Site to site configuration Fortinet public IP== | | ==Site to site configuration Fortinet public IP== |