IPSec
FortiWAN’s IPSec VPN is based on the standard two-phase Internet Key Exchange (IKE) protocol, and two communication modes: tunnel mode and transport mode. IPSec is one of the popular standards for establishing a site-to-site VPN network. It contains the tunneling technology and strict security mechanisms. Different from the tunneling of IPSec VPN, FortiWAN’s Tunnel Routing has the advantages of bandwidth aggregation and fault tolerance. By integrating IPSec and Tunnel Routing, FortiWAN is fit for the requirement that an IPSec VPN with ability of bandwidth aggregation and fault tolerance.
We start the topic with IPSec VPN Concepts, which includes the descriptions of IPSec VPN overview, IPSec key exchange and How IPSec VPN works. The next topic describes how to set up FortiWAN IPSec VPN, see IPSec set up. IPSec VPN installation is divided into the stages as follows:
- The specifications of FortiWAN IPSec, see About FortiWAN IPSec VPN.
- Concern of planning a VPN deployment, see Planning your VPN. l Operations and configurations on Web UI, see IPSec VPN in the Web UI. l Necessary routing policies for the VPN (with scenarios), see Define routing policies for an IPSec VPN. l Basic setting for establishing IPSec VPN with FortiGate, see Establish IPSec VPN with FortiGate.
If you already have Tunnel Routing running and desire IPSec protection (IPSec Transport mode) on it, you could refer to the descriptions in IPSec VPN in the Web UI and the examples in Define routing policies for an IPSec VPN directly.
IPSec VPN Concepts
As we know, a private network (deployment of private IP addresses) is invisible, closed to public network (usually the Internet). Two private networks in geographically different location can not directly access each other through Internet. Virtual Private Network (VPN) is a concept that connects local and remote private networks over Internet to logically become one private network. An user in a local private network is capable to have accesses to resource in remote private network in a secure way through Internet, such as the access to remote private network of the headquarters office from (branch) local private network. Users of the two private networks access to each other without being aware of the VPN transmissions, just like they are physically in the same network.
The VPN concept implies two critical elements, a tunnel connecting two private networks over an intermediate network and a secure way transferring data through the tunnel (over an untrusted network), which make the virtual private network matches the properties of a physical private network, accesses among private IP address and invisibility to public network (data privacy). IPSec is just the technology designed to implement the two properties of VPN concept. A VPN network established by IPSec can be called IPSec VPN. It not only gives the tunneling implementation for connectivity of two incompatible networks, but also put emphasis on the strict security definitions.