Network diagram:
Configuration FortiGate:
Create IPsec phases and tunnels.
- Navigate to VPN -> IPsec Tunnels, select Create New, and set the Template Type to Custom.
- Then, follow the detailed reference guide below.
RouterOS Configuration using Winbox:
- All configuration is done in the IP -> IPsec section using Winbox.
- First, create the IPsec Profile, where the IKE proposal is defined.
- In the next step, create a new IPsec Proposal for phase 2 encryption.
- No Auth. Algorithms are needed because AES-256-GCM is used as the encryption algorithm, and it already includes authentication.
- For the peer configuration, set the name, IP address, IPsec profile, and Exchange Mode to IKEv2.
- To set the authentication method using a pre-shared key, add a new IPsec Identity.
- Next, define which networks will communicate with each other through the VPN tunnel.
- In the final step, select the IPsec Proposal named FortiGate to apply the correct encryption for phase 2 / ESP.
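The same RouterOS steps expressed as terminal commands, as an added example that is not part of the original article. The phase 1 algorithms, the DH/PFS groups, the addresses, the pre-shared key, and the names `fortigate-profile` and `fortigate` are assumptions or constructed placeholders and must be replaced with the values configured on the FortiGate; only the proposal name FortiGate, AES-256-GCM without Auth. Algorithms, IKEv2 and pre-shared key authentication come from the steps above.

```routeros
# Added example: CLI equivalent of the Winbox steps above.
# Constructed placeholders (not from the article):
#   203.0.113.10      FortiGate public IP
#   192.168.88.0/24   local MikroTik LAN
#   10.10.10.0/24     remote LAN behind the FortiGate
#   REPLACE_WITH_PSK  pre-shared key, identical on both devices

# IPsec Profile: the IKE (phase 1) proposal.
# Algorithm and DH group values are assumptions; they must match
# the phase 1 proposal configured on the FortiGate.
/ip ipsec profile
add name=fortigate-profile enc-algorithm=aes-256 hash-algorithm=sha256 \
    dh-group=modp2048

# IPsec Proposal for phase 2 / ESP.
# auth-algorithms is left empty because AES-256-GCM is an AEAD cipher
# and already authenticates the traffic.
# pfs-group is an assumption; match it to the FortiGate phase 2 setting.
/ip ipsec proposal
add name=FortiGate auth-algorithms="" enc-algorithms=aes-256-gcm \
    pfs-group=modp2048

# Peer: name, remote IP address, IPsec profile, Exchange Mode IKEv2.
/ip ipsec peer
add name=fortigate address=203.0.113.10/32 profile=fortigate-profile \
    exchange-mode=ike2

# Identity: pre-shared key authentication for the peer.
/ip ipsec identity
add peer=fortigate auth-method=pre-shared-key secret="REPLACE_WITH_PSK"

# Policy: which networks talk through the tunnel, bound to the
# FortiGate proposal so phase 2 uses AES-256-GCM.
/ip ipsec policy
add peer=fortigate tunnel=yes action=encrypt proposal=FortiGate \
    src-address=192.168.88.0/24 dst-address=10.10.10.0/24

# Status check after both sides are configured.
/ip ipsec active-peers print
/ip ipsec installed-sa print
```

Limiting each proposal to the single algorithm set in use, rather than leaving the RouterOS defaults enabled, keeps the tunnel from negotiating a weaker suite than intended.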
Monitoring the status of the IPsec Tunnel on FortiGate and Mikrotik:
FortiGate:
Mikrotik: