Home > Others

Hub-and-spoke IPSEC VPN Configuration

Source: Internet
Author: User
Tags firewall
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The 1,ipsec VPN application is more and more extensive, the following configuration instance is to the single headquarters multiple branch organization actual application

According to the configuration of this article, we can achieve the maximum VPN connectivity through the minimum number of VPN tunnels, the network topology is as follows:

As shown above, the Headquarters firewall machine hub firewall name is fortigate_1, its external network port IP address is: 172.16.10.1, the Headquarters intranet has 2 different department subnets respectively is the finance subnet (Finance network), The address is: 192.168.12.0/24 Human resource subnet (HR network), address is: 192.168.22.0/24;

There are 2 branches, one of the branches of the firewall name is called Spoke_1, its external network port IP address is: 172.16.20.1, intranet address is: 192.168.33.0/24; another branch office firewall name is Spoke_ 2, its external network port IP address is: 172.16.30.1, intranet address is: 192.168.44.0/24.

As this article is configured, we can eventually use a total of 2 VPN implementations with 2 different VPN schemes to achieve the mutual access requirements of 3 to 4 protected subnets.

2, policy-based VPN (channel mode)

Typically, the IPSec VPN gateway implements patterns that are based on a protected and protected subnet, which is a model of VPN policy, also known as policy-based VPN mode, described in detail below.

2. 1 Configuration Fortigate_1

2. 1. 1 Configuring IPSec VPN Phase One

Login to Fortigate_1 Web interface, enter virtual private network----IPSEC----automatically exchange key (IKE), new stage One,

Name: Spoke_1

Remote gateway: Static IP Address

IP Address: 172.16.20.1

Local interface: Wan1

Mode: Main Mode

Authentication mode: Pre-shared key

Pre-shared secret key: 123456

Click the Advanced option, remove the "Start IPSec interface mode" Before the tick, the other configuration using the default settings, the specific configuration as shown in the following figure:

Use the same method to configure another VPN to spoke_2, as follows:

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
palo alto networks ipsec vpn configuration advanced ipsec vpn android cisco asa ipsec vpn windows ipsec vpn client ipsec remote access vpn mac ipsec vpn client cisco router ipsec vpn

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More