In this example, I have designed and configured a route-based IPSec VPN between a Juniper SRX and a Fortinet device.
The VPN is configured on an SRX running Junos version 11.4 and a Fortinet device running OS version 4.0.
The internet-facing side at both locations has a static IP address.
The table shows the Phase-I and Phase-II VPN parameters.
Some of them must be the same on both VPN devices, while other parameters are locally significant.

IPSec (Phase-I and Phase-II) VPN parameters

The following VPN parameters are significant for establishing a route-based IPSec VPN between the Juniper SRX device and the Fortinet device.
For the route that carries tunnel traffic, the next hop would normally be the gateway IP address of the peer device, but here st0.1 has been specified because no IP address is defined on the tunnel interface of the peer device.
To separate the security policies for non-VPN and VPN traffic, the secure tunnel interface is assigned to a different zone, named VPN, from the WAN and LAN zones.
IKE must be defined as a host-inbound system service in the internet-facing zone (WAN) so that IKE negotiations can be established between the VPN peer devices.
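The three SRX design points above, written out as Junos set commands. This is an added sketch, not the configuration from the original post: the zone names (WAN, LAN, VPN) and st0.1 come from the text, while the WAN interface ge-0/0/0.0, the remote LAN prefix 192.168.2.0/24 and the policy names are assumptions chosen for illustration.

```junos
# Unnumbered secure tunnel interface: family inet only, no address,
# matching the peer whose tunnel interface has no IP address either.
set interfaces st0 unit 1 family inet

# The tunnel interface lives in its own zone (VPN), so VPN traffic is
# matched by its own policies instead of the WAN or LAN ones.
set security zones security-zone VPN interfaces st0.1

# Accept IKE only on the internet-facing interface (assumed ge-0/0/0.0).
# No other host-inbound service is opened on the WAN zone here.
set security zones security-zone WAN interfaces ge-0/0/0.0 host-inbound-traffic system-services ike

# Route the remote LAN (constructed prefix) into the tunnel. The next hop
# is the interface st0.1 because there is no peer tunnel address to use.
set routing-options static route 192.168.2.0/24 next-hop st0.1

# Policies between LAN and VPN are separate from any LAN-to-WAN policy.
# "any" is used for brevity; in production, replace it with address-book
# entries for the local and remote subnets.
set security policies from-zone LAN to-zone VPN policy lan-to-vpn match source-address any
set security policies from-zone LAN to-zone VPN policy lan-to-vpn match destination-address any
set security policies from-zone LAN to-zone VPN policy lan-to-vpn match application any
set security policies from-zone LAN to-zone VPN policy lan-to-vpn then permit
set security policies from-zone VPN to-zone LAN policy vpn-to-lan match source-address any
set security policies from-zone VPN to-zone LAN policy vpn-to-lan match destination-address any
set security policies from-zone VPN to-zone LAN policy vpn-to-lan match application any
set security policies from-zone VPN to-zone LAN policy vpn-to-lan then permit
```

The IKE and IPsec proposal, gateway and VPN statements that bind the tunnel to st0.1 are not shown here; they depend on the Phase-I and Phase-II parameters agreed with the peer.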
Configuring the Fortinet device with the CLI is not as easy as the Juniper SRX, though I'll try to show the commands to configure the IPSec VPN on it.
After logging in to the device, type the following commands in the corresponding hierarchy of the CLI.
The web-based configuration is also added along with the CLI procedure.