Configuring the FortiGate unit
There are several steps to the GRE-over-IPsec configuration:
• Enable overlapping subnets. This is needed because the IPsec and GRE tunnels will use the same addresses.
• Configure a route-based IPsec VPN on the external interface.
• Configure a GRE tunnel on the virtual IPsec interface. Set its local gateway and remote gateway addresses to match the local and remote gateways of the IPsec tunnel.
• Configure security policies to allow traffic to pass in both directions between the GRE virtual interface and the IPsec virtual interface.
• Configure security policies to allow traffic to pass in both directions between the protected network interface and the GRE virtual interface.
• Configure a static route to direct traffic destined for the network behind the Cisco router into the GRE-over-IPsec tunnel.