How To Configure Site-To-Site Ipsec Vpn With Fortigate; Set Up The Ipsec Vpn Tunnel On The Zywall/Usg - ZyXEL Communications ZyWALL 110 Handbook

If you see that Phase 1 IKE SA process done but still get below [info] log message, please check
2
ZyWALL/USG Phase 2 Settings. Both ZyWALL/USG at the HQ and Branch sites must use the same
Protocol, Encapsulation, Encryption, Authentication method and PFS to establish the IKE SA.
Figure 257 MONITOR > Log
Make sure the both ZyWALL/USG at the HQ and Branch sites security policies allow IPSec VPN
3
traffic. IKE uses UDP port 500, AH uses IP protocol 51, and ESP uses IP protocol 50.
Default NAT traversal is enable on ZyWALL/USG, please make sure the remote IPSec device must
4
also have NAT traversal enabled.

4.3 How to Configure Site-to-site IPSec VPN with FortiGate

This example shows how to use the VPN Setup Wizard to create a site-to-site VPN between a
ZYWALL/USG and a FortiGate router. The example instructs how to configure the VPN tunnel
between each site. The example instructs how to configure the VPN tunnel between each site.
When the VPN tunnel is configured, each site can be accessed securely.
Figure 258 ZyWALL Site-to-site IPSec VPN with FortiGate Connected
Note: All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
This example was tested using USG310 (Firmware Version: ZLD 4.13) and
FortiGate 100D (Firmware Version: Forti OS 5.2.1).

4.3.1 Set Up the IPSec VPN Tunnel on the ZyWALL/USG

In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN
1
Settings wizard to create a VPN rule that can be used with the FortiGate. Click Next.
Chapter 4 Create Site-to-Site VPN Tunnels
ZyWALL/USG Series User's Guide
117