Creating VPN communities
Create the following separate VPN communities:
- One VPN community over the Internet named OL_INET
- One VPN community over MPLS named OL_MPLS
FortiManager supports having two Hubs within the same community.
The following parameters will be used for each VPN community. Any parameters not mentioned in the table can be left to use default values:
|
Parameter |
Value |
|---|---|
|
VPN Topology
|
Dial-Up
|
|
Authentication
|
Pre-shared Key = 123Fortinet!@#
|
|
IKE Version
|
2
|
|
IKE SA Proposals
|
AES256/SHA256, AES256GCM/PRFSHA384
|
|
IPSEC SA Proposals
|
AES256/SHA256, AES256GCM
|
|
VPN Zone
|
OFF
|
|
Dead Peer Detection
|
On Idle |
|
dpd-retrycount
|
2
|
|
dpd-retryinterval
|
10
|
To create a VPN Community from the GUI:
- Go to VPN Manager > IPsec VPN.
- In the toolbar, click Create New. The VPN Topology Setup Wizard dialog appears.
- Enter a name for the topology, such as OL_INET.
- In the Choose VPN topology field, select Dial up, and click Next.
- Complete the setup as required in the wizard.
Ensure that VPN Zone is disabled while completing the dial-up topology setup. Enabling VPN Zone and setting it to Create Default Zones, creates a dynamic interface by default.
SD-WAN does not support dynamic interfaces.
- Click OK. The VPN community is created.
- Similarly, create another VPN community called OL_MPLS for the MPLS network.