68
edits
Changes
IPsec site to site configuration between Teltonika and Fortinet devices (view source)
Revision as of 09:22, 21 June 2024
, 21 Juneno edit summary
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.07.2'''] firmware version.</p>
<p style="color:red">The information in this page is updated in accordance with [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''00.07.07.2'''] firmware version.</p>
<p style="color:red">The information in this page is updated in accordance with '''Fortinet v7.4.3''' firmware version.</p>
==Introduction==
==Introduction==
Normally we configure IPsec for LAN-to-LAN communication, also known as split-tunnel VPN, when only specific hosts or subnets should be reachable via a VPN tunnel. However, we may also take a different approach and configure a VPN tunnel using the full tunnel method. This means that any non-directly connected network (i.e. lan interface) will be reachable only via IPsec tunnel and not via the typical default route.
Normally we configure IPsec for LAN-to-LAN communication, also known as split-tunnel VPN, when only specific hosts or subnets should be reachable via a VPN tunnel. However, we may also take a different approach and configure a VPN tunnel using the full tunnel method. This means that any non-directly connected network (i.e. lan interface) will be reachable only via IPsec tunnel and not via the typical default route.
==Topology==
==Topology==
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server, to which our spoke will be connected (IPsec responder). It will be our "default gateway" for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
'''RUT''' – '''RUT''' will act as a '''hub'''. A hub is a server (IPsec responder), to which our spoke will be connected. It will be our remote endpoint for the spoke device. RUT has a LAN subnet of 192.168.1.0/24 and a WAN with Public IP, which should be reachable by the spoke.
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client, that will be connected to the hub (IPsec initiator). It will be connected to a '''hub''' for basic internet access. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
'''Fortinet''' – '''Fortinet''' will act as a '''spoke'''. A spoke is a client (IPsec initiator), that will be connected to the hub. It will be connected to a '''hub''' to be able to reach RUT LAN subnet. Fortinet has a LAN subnet of 192.168.5.0/24 and a WAN with private IP.
[[File:TopologijaIPsecPublicRutSingleLAN.png|border|class=tlt-border|center]]
[[File:TopologijaIPsecPublicRutSingleLAN.png|border|class=tlt-border|center]]
