Changes

no edit summary
Line 16: Line 16:  
[[File:Networking_rutos_manual_webui_basic_advanced_mode_75.gif|border|center|class=tlt-border|1102x93px]]
 
[[File:Networking_rutos_manual_webui_basic_advanced_mode_75.gif|border|center|class=tlt-border|1102x93px]]
   −
==Topology==
+
==Site to site configuration RUT public IP==
 +
----
 +
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices.
 +
===Topology===
 +
----
 
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 
   
 
   
 
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
 
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
   −
[[File:TopologijaIPsecPublicRutSingleLAN.png|border|class=tlt-border|center]]
+
[[File:Fortinet_RUT_IPsec_site_to_site_rut_public.png|border|class=tlt-border|center]]
==Site to site configuration RUT public IP==
  −
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices.
   
===Fortinet configuration===
 
===Fortinet configuration===
 +
----
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
 
----
 
----
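Review bot: The added intro sentence under "==Site to site configuration RUT public IP==" writes "IPsec vpn" in lowercase; capitalize it as "IPsec VPN", matching the "VPN → IPsec Tunnels" menu path quoted a few lines below. The Topology text kept in this hunk says the Fortinet spoke has "a WAN with private IP", so the initiator sits behind NAT; the new Topology subsection would be a good place to say so explicitly and note that the tunnel depends on NAT traversal. Also confirm that Fortinet_RUT_IPsec_site_to_site_rut_public.png is uploaded, since the reference to TopologijaIPsecPublicRutSingleLAN.png is removed here.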
Line 191: Line 194:  
==Site to site configuration with multiple LANs==
 
==Site to site configuration with multiple LANs==
 
----
 
----
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices with multiple LANs. Here is the list of LANs with their subnets:
+
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' devices with multiple LANs.  
* Fortinet:
+
===Topology===
** LAN1: 192.168.5.0/24 with default gateway 192.168.5.99
+
----
** LAN2: 192.168.4.0/24 with default gateway 192.168.4.99
+
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN1 subnet of 192.168.1.0/24, LAN2 subnet of 192.168.2.0/24 and a WAN with Public IP, which should be reachable by the spoke.
* RUT:
+
** LAN1: 192.168.1.0/24 with default gateway 192.168.1.1
+
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN1 and LAN2 subnet. Fortinet has a LAN1 subnet of 192.168.5.0/24, LAN2 subnet of 192.168.4.0/24 a WAN with private IP.
** LAN2: 192.168.2.0/24 with default gateway 192.168.2.1
+
 
 +
[[File:Fortinet_RUT_IPsec_site_to_site_rut_public_multiple_lan.png|border|class=tlt-border|center]]
 +
 
 
===Fortinet configuration===
 
===Fortinet configuration===
 
----  
 
----  
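Review bot: The rewritten intro for the multiple-LAN section drops the default gateway addresses (192.168.5.99, 192.168.4.99, 192.168.1.1, 192.168.2.1) that the removed list carried, and the new Topology paragraphs give only the subnets; if later steps rely on those addresses, keep them in the Topology text. In the added Fortinet paragraph, "LAN2 subnet of 192.168.4.0/24 a WAN with private IP" is missing "and", and "RUT LAN1 and LAN2 subnet" should read "subnets". The added intro line also ends with a trailing space after "multiple LANs."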
Line 256: Line 261:  
----
 
----
 
==Site to site configuration Fortinet public IP==
 
==Site to site configuration Fortinet public IP==
 +
----
 
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' when '''Fortinet''' has a public IP and RUT is behind NAT. This setup will be similiar to Site to site configuration RUT public IP, we will need only to change network section on Fortinet and on RUT we will need to add Remote endpoint.
 
This section provides a guide on how to configure a successful site to site IPsec vpn connection between '''RUT''' and '''Fortinet''' when '''Fortinet''' has a public IP and RUT is behind NAT. This setup will be similiar to Site to site configuration RUT public IP, we will need only to change network section on Fortinet and on RUT we will need to add Remote endpoint.
 +
===Topology===
 +
----
 +
Fortinet – Fortinet will act as a hub. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with Public IP, which should be reachable by the spoke.
 +
 +
RUT – RUT will act as a spoke. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a hub to be able to reach Fortinet LAN subnet. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with private IP.
 +
[[File:Fortinet_RUT_IPsec_site_to_site_fortinet_public.png|border|class=tlt-border|center]]
 
===Fortinet configuration===
 
===Fortinet configuration===
 +
----
 
As for the configuration of IPsec tunnel, everything is the same, only the Network and authentication sections needs to be changed, so for other sections refer to the guide site to site.  
 
As for the configuration of IPsec tunnel, everything is the same, only the Network and authentication sections needs to be changed, so for other sections refer to the guide site to site.  
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
 
Start by configuring the '''Fortinet''' device. Login to the WebUI, navigate to '''1. VPN → 2. IPsec Tunnels → 3. Create new → 4. IPsec Tunnel → 5. Your desired name → 6. Template type: Custom → 7. Click on the button next'''.
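Review bot: The added Topology paragraphs for the Fortinet public IP section write "Fortinet", "RUT", "hub" and "spoke" without the '''bold''' markup used in the other two Topology sections; apply the same markup for consistency. While this section is being edited, the intro's "similiar" should be "similar" and "sections needs" should be "sections need". The phrase "refer to the guide site to site" would be clearer as a link to the "Site to site configuration RUT public IP" section, which the intro already names.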