VPN Tunnel with Fortigate and Cisco Router

Site-A FortiGate 60E UTM License Firewall is connected with Dynamic WAN IP Address with DynDNS is configured.
Site-B Cisco 2911 Security Bundles Router is connected behind the 4G Router with Private IP Address with Internet Access

1- IKEv2 with IPSec VPN is Required
2- FortiGate VPN should be configured to accept multiple incoming connections e.g. like HUB
3- Phase-1 and Phase-2 (e.g Encryption and Algorithm) should be specific

Example for Cisco:
crypto ikev2 proposal IKEV2-PROPOSAL
encryption aes-cbc-256
integrity sha256
group 19

crypto ikev2 policy IKEV2-POLICY

crypto ipsec transform-set AES256-SHA512 esp-aes 256 esp-sha512-hmac
mode tunnel

crypto ipsec profile IPSEC-PROFILE
set transform-set AES256-SHA512
set ikev2-profile IKEV2-PROFILE
set pfs group19

4- Meaningful Naming Convention
5- Extended ACLs and Address Group If required.

Production Environment
Location: Worldwide

Leave a Reply