Set up IPSec Dynamic DNS VPN between two fortigate devices

This document describes the dynamic DNS VPN in IPSec VPN, where two fortigate devices establish a communication channel between them, allowing the servers or hosts that the FortiGate protects to access each other. One of the fortigate uses static IP while the other fortigate uses static domain names and dynamic IP.

Before you configure, you need to unify VPN policies and parameters such as schemas, encryption algorithms, authentication methods, DH groups, key cycles, Xauth, and support for Nat, DPD, and so on. The mode, encryption algorithm, authentication mode, DH group must be consistent, otherwise could not build VPN.

Environment Introduction:

This article uses fortigate400a and fortigate110c to do the demo. The system version supported in this article is Fortios v3.0 and higher.

Topology:

In this configuration, a fortigate uses static domain names and dynamic IP, so when the VPN is established, the End-to-end device needs to find the IP of the domain name through the domain name server first, then establish the VPN connection. FortiGate with dynamic IP needs to be set up DDNS to ensure that dynamic IP is reported to the domain name server in a timely manner.

fortigate400a end configuration: Using static IP

Step one: Define IPSec Phase One

Click the Create phase one in the virtual private network----IPSEC----Auto-exchange key.

Remote gateway: Select Dynamic DNS

Dynamic DNS: Static domain name for end FortiGate

Local interface: The interface of this device connecting Internet

Pattern: Savage Mode