Fortinet fortigate-200a Betriebsanweisung

To use Manual key IPSec VPNs, both ends of the VPN tunnel must be configured with 
matching encryption and authentication algorithms and with matching authentication 
and encryption keys and complementary security parameter index (SPI) settings. 

Add the a manual key configuration to both VPN peers. 
See 

Both configurations must be identical except for the local and remote SPIs.
See 

Add the firewall configuration required for the VPN.
See 

Firewall policies for IPSec VPN control all VPN traffic passing through the FortiGate 
unit. You add firewall policies for IPSec VPN in the same way as you add normal 
firewall policies. See 

 for information about firewall policies.

You can also use firewall policies for IPSec VPN to apply protection profiles to VPN 
traffic, to log IPSec VPN traffic, and to apply advanced features to IPSec VPN traffic 
such as traffic shaping and differentiated services.

Adding a firewall policy for an IPSec VPN involves creating an internal-> external 
policy, setting the policy action to ENCRYPT, and selecting the VPN tunnel that is to 
use the policy.

Only one firewall policy is required to enable two-way traffic. The Interface/Zone 
Source setting must correspond to an interface that is connected to a network or 
device behind the FortiGate unit, and the Interface/Zone Destination setting must 
correspond to an interface that is connected to the Internet, a remote network, a 
remote VPN peer, or a remote VPN client.

The source address is typically an IP address or a range of IP addresses behind the 
FortiGate unit. The source address controls the IP addresses that remote VPN peers 
and/or clients can access. To add a source address, see