This lab sets up an IPsec site-to-site tunnel between a Palo Alto firewall and a Fortinet firewall.
![](https://tungle.ca/wp-content/uploads/2022/01/image-504.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-482.png)
On Palo Alto.
![](https://tungle.ca/wp-content/uploads/2022/01/image-483.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-484-1024x767.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-485.png)
IKE Crypto.
![](https://tungle.ca/wp-content/uploads/2022/01/image-486.png)
IPSEC Crypto.
![](https://tungle.ca/wp-content/uploads/2022/01/image-487.png)
IKE Gateway.
![](https://tungle.ca/wp-content/uploads/2022/01/image-488.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-489.png)
IPSec tunnel.
![](https://tungle.ca/wp-content/uploads/2022/01/image-490.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-491.png)
Create a virtual route from PA to Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/01/image-492.png)
Create two Security Policies to allow traffic from the “Trusted Zone” of PA to the “Trusted Zone” of Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/01/image-496.png)
Configure Fortinet.
```
config system interface
    edit port1
        set mode dhcp
        set allowaccess ping https http fgfm
    next
end
# Show the interface configuration to get the IP address assigned by DHCP
show system interface
```
Go to Webterm to configure Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/01/image-493.png)
Configure a custom VPN Tunnel with the following information.
![](https://tungle.ca/wp-content/uploads/2022/01/image-494.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-495.png)
Configure a static route to allow traffic from Trusted Zone (192.168.20.0/24) on Fortinet to the Trusted Zone (192.168.10.0/24) on PA.
![](https://tungle.ca/wp-content/uploads/2022/01/image-497.png)
Create two Security policies to allow traffic from VPN to Trusted Zone and vice versa.
![](https://tungle.ca/wp-content/uploads/2022/01/image-498.png)
![](https://tungle.ca/wp-content/uploads/2022/01/image-499.png)
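The static route and the two policies above can also be entered from the FortiGate CLI. The following is an added example, not taken from the original post: the tunnel interface name `to-PA` and the LAN port `port2` are assumed names, and the address objects, the blackhole fallback route and the traffic logging are choices of this example rather than settings shown in the screenshots.

```fortios
# Constructed example. Assumed names: "to-PA" (IPsec tunnel interface), "port2" (Trusted Zone port).
# Address objects for the two Trusted Zone subnets named in the lab.
config firewall address
    edit "FGT-Trusted"
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "PA-Trusted"
        set subnet 192.168.10.0 255.255.255.0
    next
end
# First route: send the PA Trusted Zone through the tunnel.
# Second route: blackhole with a high distance, so that when the tunnel is down
# traffic for 192.168.10.0/24 is dropped instead of following the default route.
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set device "to-PA"
    next
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set blackhole enable
        set distance 254
    next
end
# One policy per direction, limited to the two subnets rather than "all".
config firewall policy
    edit 0
        set name "Trusted-to-VPN"
        set srcintf "port2"
        set dstintf "to-PA"
        set srcaddr "FGT-Trusted"
        set dstaddr "PA-Trusted"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "VPN-to-Trusted"
        set srcintf "to-PA"
        set dstintf "port2"
        set srcaddr "PA-Trusted"
        set dstaddr "FGT-Trusted"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```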
Ping and traceroute from a VM on Fortinet to another VM on Palo Alto.
![](https://tungle.ca/wp-content/uploads/2022/01/image-500.png)
Monitor IPSEC tunnel on Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/01/image-501.png)
Monitor IPSEC tunnel on PA.
![](https://tungle.ca/wp-content/uploads/2022/01/image-502.png)