Site-to-Site

Site-to-Site VPN'i seadistamine

hari.intra ja hari.net võrkude ühendamine kasutades Site-to-Site tunnelit ja IPsec, et ühendada intranetid Branche1 ja Branche2.

Fortigate menüüs navigeeru "VPN>VPN Wizard". Sisesta tunneli nimi: "Hari-Site1". Vali "Site-to-Site Template"

Genereeri uus sertifikaat, mida kasutame autentimise jaoks. Sertifikaadi saab genereerida nii FortiGate tulemüüris kui ka Windows Serveris. Praegusel Võrgulaboris genereerime sertifikaadi Fortigate seadmes.

Valime "Generate Certificate"

Autentimise meetod: "Signature"

Certificate Name: "Site-to-Site"

Peer Certificate CA: "Fortinet_CA"

IKE: "Version 2"

Remote Site "Fortinet"

Remote Site Device Type: "Fortinet"

Remote Site Device: "Accessible and static"

IP: "192.168.40.10"

Lülita sisse "Route this device internet traffic through the remote site"

Outgoing interface that binds to tunnel "port1"

Create and add interface to zone: "port2"

Local Gateway "10.0.0.1"

CLI konsooli Ipsec Site-to-Site VPN paigaldamine

Site1: Hari-to-INTRA

Site2: INTRA-to-Hari

Site1: WAN (192.168.40.30), LAN(10.0.0.0/24)

Site2: WAN (192.168.40.10), LAN (172.16.1.0/24)