How to Setup IPSEC VPN Between Fortigate & MikroTik – Part 2

Continuing my previous post here regarding how to setup VPN among Fortigate vs. MikroTik, herewith simple target topology of network that we would like to build.

Main site: 192.168.0.0/24 + IP Public A + Fortigate

Remote site: 192.168.40.0/24 + IP Public B + MikroTik

============================================

From remote site (MikroTik);

a. Ensure all traffic internet works correctly and end device could able to access internet

b. No firewall blocking & mangle for IPSEC/VPN traffic is being used

 

  1. Create NAT rule Accept for source & destination

add action=accept chain=srcnat dst-address=192.168.0.0/24 src-address=\
192.168.40.0/24

2. For IPSEC setup, all you may need to do just three steps;

a. Proposal (phase one)

b. Peers (phase two)

c. Policies (routing)

Go to IP -> IPSEC -> Proposal and create new time with following detail. This is called as phase 1 initiator.

Move to Peer tab and fill in all these options

On the Address column, fill the Public IP of main site and ensure pre-shared key selected match on both sites as well as algorithm/encryption you choose.

I chooses 3des and modp 1536 for the option encryption (DH-5). This is called as phase 2 initiator for IPSEC.

3. Last thing go thru policies tab and determine the routing for IPSEC. Put source & destination network and let the rest as it is.

On Action tab ensure Tunnel box as checked and proposal as we created previously. Put IP Public of remote site on SA Src. Address & main site on SA Dst. Address respectively.

Till here we are done for VPN setup on remote site and you could see on the log there is VPN log showing initiation fo phase one but seems failed because we have not done configure the main site.

It is using port 500 UDP for initiating VPN IPSEC connection.

Next, we will configuring all the rest on main site using Fortigate.

Ciao!

Leave a Reply

Your email address will not be published. Required fields are marked *