IPSec VPN | Redundant IPSec VPNs |
|
|
Action | ENCRYPT |
VPN Tunnel | The VPN tunnel name added in step 1. (Use the same tunnel for all encrypt |
| policies.) |
Allow inbound | Select allow inbound. |
Allow outbound Do not enable. | |
Inbound NAT | Select inbound NAT if required. |
Outbound NAT | Select outbound NAT if required. |
See “Adding an encrypt policy” on page 247.
6Arrange the policies in the following order:
•outbound encrypt policies
•inbound encrypt policy
•default
Note: The default
Redundant IPSec VPNs
To ensure the continuous availability of an IPSec VPN tunnel, you can configure multiple connections between the local FortiGate unit and the remote VPN peer (remote gateway). With a redundant configuration, if one connection fails the FortiGate unit establishes a tunnel using the other connection.
The configuration depends on the number of connections that each VPN peer has to the Internet. For example, if the local VPN peer has two connections to the Internet, then it can provide two redundant connections to the remote VPN peer.
A single VPN peer can be configured with up to three redundant connections.
The VPN peers are not required to have a matching number of Internet connections. For example, between two VPN peers, one peer can have multiple Internet connections while the other has only one Internet connection. In the case of an asymmetrical configuration, the level of redundancy varies from one end of the VPN to the other.
Note: IPSec Redundancy is only available to VPN peers that have static IP addresses and that authenticate themselves to each other with
253 |