FortiGate IPsec Auto Discovery VPN

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
Welcome to our tutorial on setting up an ipsec auto Discovery VPN with vgp as the overlay routing protocol as you can see on the diagram there are three sites HQ and two Branch offices the auto Discovery VPN uses Hub and spoke Network topology thus we will configure HQ as the auto Discovery VPN Hub and the two branches as spokes the advantage of using Auto Discovery VPN is to ensure that spoke to spoke traffic does not always Traverse The Hub instead Dynamic VPN tunnels are created on demand between spots prefixes across sites will be learned via bgp I will be providing explanation to the configurations as we move along so let's begin we will start with the configuration on the Hub I will first test connectivity to the two Branch offices Gateway devices provide a name for the VPN for remote Gateway choose dial-up user this will allow the Hub to form ipsec tunnels with multiple spokes disable add root this ensures that Ike does not automatically add a route when the dynamic tunnel is negotiated routing will be accomplished via routing protocol enable auto Discovery sender with this setting when ipsec traffic transits The Hub it will send a shortcut offer to the spoke that initiated the traffic to indicate that it could perhaps establish a more direct connection set the peer options on the Hub to any peer set the other phase 1 in Phase 2 parameters according to your requirements the phase II local and remote addresses on the Hub should be said to all we are done with the ipsec tunnel configuration on the Hub firewall policies are next two firewall policies are needed one policy to allow spoke to HUB traffic and another to allow spoke to spoke traffic in the spoke to HUB rule choose all for the source address and disable net but in the spoke to spoke rule for the source and destination interfaces choose the ipsec tunnel and select all for the source and destination addresses again disable net let's assign an IP address to the tunnel interface this will be used by the overlay routing protocol the remote IP should be an unused IP address in the overlay subnet for routing we will configure ibgp between the Hub and Spokes and the Hub will be configured as a root reflector advertise the overlay network of 10.0.0.0 24 in bgp Hub configuration is complete now to the spokes on the spokes the remote Gateway will be the IP address of the Hub here too we will disable add root and enable auto Discovery receiver with this setting the spoke indicates that it wishes to participate in an auto Discovery VPN or wants to receive a shortcut offer set the other phase 1 and Phase 2 parameters to match those on the Hub we do not recommend the use of Des sha-1 or diffie-hellman group of five or less in a production environment you may enable auto negotiate create two firewall rules on the spoke one for inbound and the other for outbound in both rules choose all all for the source and destination addresses and disable net for routing assign an IP address to the tunnel interface and configure bgp now let's quickly finish up on the other spoke we are done with all configuration let's have a quick look at some of the configuration in CLI on the Hub the ipsec VPN tunnels to the two spokes are up let's generate some traffic between the two spokes on spoke one ping 10.0.0.1 and 10.2.2.1 sourcing from 10.1.1.1 checking some VPN and vgp details finally let's do a tracer out to the remote end great we have created an ipsec auto Discovery VPN between three locations using vgp as the overlay routing protocol thanks for watching our tutorial if you have any questions or need further assistance please feel free to leave a comment below don't forget to subscribe to our channel for more helpful tutorials see you next time
Info
Channel: Verifine Academy
Views: 3,426
Rating: undefined out of 5
Keywords: FortiGate, IPsec VPN, FortiGate IPsec, FortiGate IPsec Loopback, IPsec with Loopback Interface, Site-to-Site IPsec Loopback Interface, FortiGate Site-to-Site VPN, FortiGate IPsec VPN, Site-to-Site VPN with Loopback, IPsec VPN with Loopback
Id: _aI-ETTI1rU
Channel Id: undefined
Length: 15min 22sec (922 seconds)
Published: Thu May 11 2023
Related Videos
FortiGate Site-to-Site IPsec VPN with Overlapping Subnets
Verifine Academy
8.5K
FortiGate IPsec ADVPN with SDWAN and Dual ISPs
Verifine Academy
23K
Fortigate Home Lab: Create IPSec VPN Tunnel Using BGP with VTI
NetSec
1.5K
Configure Site-To-Site VPN on FortiGate Firewall | Step by Step
Net Config
287
[Fortigate] Hub-and-Spoke VPN configuration
TechTalkSecurity
7.5K
FortiGate Site to Site IPsec Aggregate Tunnel
Verifine Academy
3.3K
[Fortigate] Hub-and-spoke ADVPN using IPsec VPN wizard/Dynamically add spokes using autoconfig key
TechTalkSecurity
8.2K
Setup of FortiGate ADVPN
ahmed nabil
8K
FortiGate SDWAN with IPsec VPN
Verifine Academy
16K
Mastering Site-to-Site IPSec Tunnel & SD-WAN Setup on Fortigate
Static Route
15K
HOW TO CONFIGUER ADVPN IN FORTIGATE FIREWALL | ENGLISH
FIREWALLCAFE
3.3K
AWS Site-to-Site #vpn #handson - #hybrid #network #connectivity between #onpremise and #amazon #vpc
SrcCodes
961
FortiGate v7.2 IPSEC Basic Configuration & Troubleshooting
The Network Berg
17K
Fortinet: Troubleshoot 5 IPSec Site-to-Site VPN Scenarios - FortiGate
ToThePoint Fortinet
33K
HOW TO CONFIGURE VDOMS IN TO FORTIGATE FIREWALL | IN HINDI
FIREWALLCAFE
1K
Fortigate SDWAN ADVPN with dual ISP
Lado Ninikashvili
1.6K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.