Configuring branch_2 VPN tunnel settings
Define the Phase 1 parameters needed to establish a secure connection with the remote peer. See “Phase 1 parameters”. During this procedure you need to choose whether you will use route-based or policy-based VPNs.
To configure branch_2 VPN tunnel settings
1. Go to VPN > IPsec > Tunnels and create the new custom tunnel or edit an existing tunnel.
2. Edit the Phase 1 Proposal (if it is not available, you may need to click the Convert to Custom Tunnel button).
3. Enter the following information.
Name
Enter branch_2, a name to identify the VPN tunnel. This name appears in Phase 2 configurations, security policies, and the VPN monitor.
Remote Gateway
Select Static IP Address.
The remote peer this FortiGate is connecting to has a static public IP address.
If the remote interface is PPPoE, do not select Retrieve default gateway from server.
IP Address
Enter 172.16.20.1.
The IP address of the public interface to the remote peer.
Mode
Select Aggressive.
4. Select Advanced and complete the following:
Local ID
Enter example.com.
A character string used by the branch_2 FortiGate unit to identify itself to the remote peer.
This value must be identical to the value in the This peer ID field of the Phase 1 remote gateway configuration on the branch_1 remote peer. See “Configuring branch_1 VPN tunnel settings”.
5. Open the Phase 2 Selectors panel.
Define the Phase 2 parameters needed to create a VPN tunnel with the remote peer. For details on Phase 2, see “Phase 2 parameters”.
6. Enter the following information and select OK.
Name
Enter branch_2_phase2.
A name to identify this Phase 2 configuration.
Phase 1
Select branch_2.
The name of the Phase 1 configuration that you defined earlier.
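The Local ID requirement in step 4 can be checked offline before the tunnel is brought up. The following is an added example, not part of the original guide: it parses FortiOS CLI-style Phase 1 blocks for both peers and reports a problem if branch_2 is not in aggressive mode or its Local ID differs from the peer ID on branch_1. The two configuration snippets are constructed samples, and the interface name wan1, the branch_1 tunnel name and the function names are assumptions.

```python
import shlex

# Constructed sample configs (assumptions, not taken from the guide): CLI-style
# equivalents of each peer's Phase 1 settings, pre-shared key omitted.
BRANCH_2 = """
config vpn ipsec phase1-interface
    edit "branch_2"
        set interface "wan1"
        set type static
        set remote-gw 172.16.20.1
        set mode aggressive
        set localid "example.com"
    next
end
"""
BRANCH_1 = """
config vpn ipsec phase1-interface
    edit "branch_1"
        set mode aggressive
        set peertype one
        set peerid "example.com"
    next
end
"""

def parse_phase1(text):
    """Return {tunnel_name: {option: value}} for each 'edit' entry."""
    tunnels, current = {}, None
    for line in text.splitlines():
        words = shlex.split(line)          # handles quoted values
        if not words:
            continue
        if words[0] == "edit":
            current = tunnels.setdefault(words[1], {})
        elif words[0] == "set" and current is not None and len(words) > 2:
            current[words[1]] = " ".join(words[2:])
        elif words[0] == "next":
            current = None
    return tunnels

def check_ids(local, remote):
    """List problems with the dynamically addressed peer's Phase 1 settings."""
    problems = []
    if local.get("mode") != "aggressive":
        problems.append("local peer is not in aggressive mode")
    lid = local.get("localid")
    if not lid or lid != remote.get("peerid"):   # exact string comparison
        problems.append(f"localid {lid!r} != remote peerid {remote.get('peerid')!r}")
    return problems
```

Calling check_ids(parse_phase1(BRANCH_2)["branch_2"], parse_phase1(BRANCH_1)["branch_1"]) returns an empty list when the two sides agree.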