Configuring branch_2 VPN tunnel settings

Define the phase 1 parameters needed to establish a secure connection with the remote peer. See “Auto Key phase 1 parameters”. During this procedure you need to choose if you will be using route-based or policy-based VPNs.


Name	Enter branch_2, a name to identify the VPN tunnel. This name appears in phase 2 configurations, security policies, and the VPN monitor.
Remote Gateway	Select Static IP Address. The remote peer this FortiGate is connecting to has a static IP public address. If the remote interface is PPPoE do not select Retrieve default gateway from server.
IP Address	Enter 172.16.20.1. The IP address of the public interface to the remote peer.
Enter 172.16.20.1 The IP address of the public interface to the remote peer.	Select Aggressive.


Enable IPsec Interface Mode	Enable for a route-based VPN and when configuring policies, go to “Creating branch_2 route-based security policies”. Disable for a policy-based VPN and when configuring policies, go to “Creating branch_2 policy-based security policies”. If enabled, default settings are used.
Local ID	Enter example.com. A character string used by the branch_2 FortiGate unit to identify itself to the remote peer. This value must be identical to the value in the Accept this peer ID field of the phase 1 remote gateway configuration on the branch_1 remote peer. See “Configuring branch_1 VPN tunnel settings”.

Define the phase 2 parameters needed to create a VPN tunnel with the remote peer. For details on phase 2, see “Phase 2 parameters”.


Name	Enter branch_2_phase2. A name to identify this phase 2 configuration.
Phase 1	Select branch_2. The name of the phase 1 configuration that you defined earlier.