In this short video I give a brief overview of the step-by-step requirements for creating a VPN between a Cisco IOS device using VTI and a FortiGate on the 5.2.x track, using 0.0.0.0/0.0.0.0 quick mode selectors (single P2).
Reasons to configure your Cisco with this type of VPN:
• Simplifies management---Customers can use the Cisco IOS® Software virtual tunnel constructs to configure an IPSec virtual tunnel interface, thus simplifying VPN configuration complexity, which translates into reduced costs because the need for local IT support is minimized. In addition, existing management applications that can monitor interfaces can be used for monitoring purposes.
• Supports multicast encryption---Customers can use the Cisco IOS Software IPSec VTIs to transfer the multicast traffic, control traffic, or data traffic---for example, many voice and video applications---from one site to another securely.
• Provides a routable interface---Cisco IOS Software IPSec VTIs can support all types of IP routing protocols. Customers can use these VTI capabilities to connect larger office environments---for example, a branch office, complete with a private branch exchange (PBX) extension.
• Improves scaling---IPSec VTIs need fewer established security associations to cover different types of traffic, both unicast and multicast, thus enabling improved scaling.
• Offers flexibility in defining features---An IPSec VTI is an encapsulation within its own interface. This offers flexibility of defining features to run on either the physical or the IPSec interface.
You can find me on:
Twitter - @RyanBeney - https://twitter.com/ryanbeney
LinkedIn - /RyanBeney - https://uk.linkedin.com/in/ryanbeney
Cisco Configuration I used:
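crypto isakmp policy 1
 ! policy sub-commands (encryption, hash, authentication, group) are not listed on this page
crypto isakmp key test123 address 10.200.3.1
crypto ipsec transform-set Trans-1 esp-des esp-md5-hmac
crypto ipsec profile testvpn
 set transform-set Trans-1
 set pfs group2
! tunnel number taken from the static route at the end
interface Tunnel1
 ! the subnet mask is not given on this page
 ip address 192.168.0.1 <subnet-mask>
 tunnel source 10.200.3.254
 tunnel mode ipsec ipv4
 tunnel destination 10.200.3.1
 tunnel protection ipsec profile testvpn
ip route 172.16.0.0 255.255.255.0 tunnel 1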
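
A review check for the crypto lines in the configuration above, as an added example that is not part of the original video or its description. It flags legacy transforms, small PFS groups and short pre-shared keys in IOS-style text; the function name, the weak-keyword table and the key-length threshold are assumptions of this example, not a Cisco or Fortinet list.

```python
import re

# Constructed sample: the crypto lines from the configuration shown above.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
crypto isakmp key test123 address 10.200.3.1
crypto ipsec transform-set Trans-1 esp-des esp-md5-hmac
crypto ipsec profile testvpn
 set transform-set Trans-1
 set pfs group2
"""

# Keywords treated as weak here (assumption of this example).
WEAK_TRANSFORMS = {"esp-des": "DES encryption (56-bit key)",
                   "esp-3des": "3DES encryption (64-bit block)",
                   "esp-md5-hmac": "HMAC-MD5 integrity",
                   "ah-md5-hmac": "HMAC-MD5 integrity",
                   "esp-null": "no encryption"}
WEAK_DH_GROUPS = {1, 2, 5}   # 768-, 1024- and 1536-bit MODP groups
MIN_PSK_LEN = 20             # hypothetical local policy threshold


def audit_ios_vpn(config: str) -> list[tuple[int, str]]:
    """Return (line_number, finding) pairs for weak IPsec settings."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        # Transform sets: check every keyword after the set name.
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", line)
        if m:
            for kw in m.group(2).split():
                if kw in WEAK_TRANSFORMS:
                    findings.append((n, f"transform-set {m.group(1)}: {WEAK_TRANSFORMS[kw]}"))
        # PFS group inside an IPsec profile.
        m = re.match(r"set pfs group(\d+)$", line)
        if m and int(m.group(1)) in WEAK_DH_GROUPS:
            findings.append((n, f"PFS uses DH group {m.group(1)}"))
        # Pre-shared keys; a leading "6" marks an encrypted key, so its length is skipped.
        m = re.match(r"crypto isakmp key (?:(\d) )?(\S+) address (\S+)", line)
        if m and m.group(1) != "6" and len(m.group(2)) < MIN_PSK_LEN:
            findings.append((n, f"short pre-shared key for peer {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for lineno, text in audit_ios_vpn(SAMPLE_CONFIG):
        print(f"line {lineno}: {text}")
```

Any change made on the Cisco side in response to a finding has to be mirrored in the FortiGate phase 1 and phase 2 proposals, or the tunnel will not negotiate.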