Creating new IPsec VPN templates
Instead of creating a new template, you can clone the default template.
To create an IPsec VPN template:
- Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
- Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
- Enter a Name for the template.
- Click OK. The new template is created.
- Select the template name and click Edit.
- At the top of the list of tunnel templates, click Create New.
- Enter the IPsec tunnel settings:
| Setting | Value/Description |
| --- | --- |
| Tunnel Name | Enter a name for this IPsec tunnel. |
| Routing | Manual: Routes will not be automatically created. Automatic: Static routes to the remote subnet will be created. |
| Remote Device | Select from IP Address, Dynamic DNS, or Dynamic. |
| Remote Gateway (IP Address) | Enter the IP address of the remote gateway for this tunnel. This field accepts meta field variables. In this example, you will use the remote_site_id meta field variable here, 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime. |
| Outgoing Interface | Enter the outgoing interface port name (for example, port2). |
| Local ID | Optionally, specify an identifier that is used to identify this device to VPN servers during the phase 1 exchange. This field accepts meta field variables. |
| Network Overlay | Enable or disable network overlay. If enabled, enter the network ID. |
| Remote Subnet | Enter one or more remote subnets, with netmask. This field accepts meta field variables. For this example, enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime. |
| Proposal | Select the encryption and authentication algorithms used to generate keys for the internet key exchange security association (IKE SA). There must be a minimum of one combination. The remote peer or client must be configured to use at least one of the proposals that you define. |
| Authentication Method | Pre-shared Key: Alphanumeric key used for device authentication. Signature: Select the certificate to use for authentication. |
| Tunnel Interface Setup | Configure the IP and/or remote IP for the tunnel to use in the IPsec template. |
| Advanced Options | Expand to access and set a number of advanced options. |
- Click OK to save the settings. The IPsec template is created and ready to be assigned to devices.
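
An offline pre-check for the meta field substitution used in the Remote Gateway and Remote Subnet settings above, added here as an example (it is not FortiManager code). It approximates the $(name) substitution with a regular expression, renders the page's two example values for each device, and rejects results that are not a valid IPv4 address or subnet. The device names and meta field values are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: $(name) syntax as shown on this page, matched with a simple regex.
META_VAR = re.compile(r"\$\(([A-Za-z0-9_]+)\)")

# Template values taken from the example on this page.
TEMPLATE = {
    "remote_gateway": "101.71.$(remote_site_id).1",
    "remote_subnet": "200.71.$(remote_site_id).0/255.255.255.0",
}

# Constructed sample data: per-device meta field values.
DEVICES = {
    "branch-a": {"remote_site_id": "5"},
    "branch-b": {"remote_site_id": "300"},  # not a valid octet
    "branch-c": {},                         # meta field never set
}

def render(value, meta):
    """Substitute each $(name) from a device's meta fields; fail on unset names."""
    def repl(match):
        name = match.group(1)
        if str(meta.get(name, "")).strip() == "":
            raise ValueError(f"meta field '{name}' has no value")
        return str(meta[name]).strip()
    return META_VAR.sub(repl, value)

def check_device(meta):
    """Render the template for one device and validate the rendered values."""
    gateway = ipaddress.IPv4Address(render(TEMPLATE["remote_gateway"], meta))
    # strict=True rejects a subnet whose address has host bits set.
    subnet = ipaddress.IPv4Network(render(TEMPLATE["remote_subnet"], meta), strict=True)
    return {"remote_gateway": str(gateway), "remote_subnet": str(subnet)}

def check_all(devices):
    """Return (rendered values per device, list of error strings)."""
    rendered, errors = {}, []
    for device, meta in devices.items():
        try:
            rendered[device] = check_device(meta)
        except ValueError as exc:  # ipaddress errors subclass ValueError
            errors.append(f"{device}: {exc}")
    return rendered, errors

if __name__ == "__main__":
    ok, bad = check_all(DEVICES)
    print(ok)
    print("\n".join(bad))
```

Running the check before assigning the template to devices catches an unset or out-of-range meta field value before it is substituted into a tunnel definition.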
To import an IPsec VPN template:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
- Click Import. The Import IPSec Template screen is shown.
- Configure the following settings and click OK:
- Name - specify a name for the IPsec template.
- Device - select the FortiGate device from which to import the IPsec template.
The IPsec template is imported.