fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configure the FortiGate unit FortiClient dialup-client configurations<br />
4 Select Enable.<br />
5 Enter the following information and select OK:<br />
Type IPsec<br />
IP Range<br />
Network Mask<br />
Default Gateway<br />
Enter the range of VIP addresses that the DHCP server can<br />
dynamically assign to dialup clients when they connect. As a<br />
precaution, do not assign VIP addresses that match the private<br />
network behind the FortiGate unit.<br />
If you need to exclude specific IP addresses from the range,<br />
you can define an exclusion range (see Advanced... below).<br />
Note: If you will use a RADIUS server to assign VIP addresses,<br />
these fields are not needed.<br />
Enter the network mask of the IP addresses that you specified<br />
in the IP Range fields (for example, 255.255.255.0 for a<br />
class C network).<br />
Enter the IP address of the default gateway that the DHCP<br />
server assigns to DHCP clients.<br />
Select Use System DNS Setting.<br />
DNS Service If you want to use a different DNS server for VPN clients, select<br />
Specify and enter an IP address in DNS Server 0.<br />
Advanced... Select Advanced to configure any of the following options.<br />
Domain<br />
Lease Time<br />
IP Assignment<br />
Mode<br />
WINS Server 0<br />
WINS Server 1<br />
Options<br />
Exclude Ranges<br />
If you want the FortiGate unit to assign a domain name to<br />
dialup clients when they connect, enter the registered domain<br />
name.<br />
Specify a lease time:<br />
Select Unlimited to allow the dialup client to use the<br />
assigned IP address for an unlimited amount of time (that<br />
is, until the client disconnects).<br />
Enter the amount of time (in days, hours, and minutes) that<br />
the dialup client may use the assigned IP address, after<br />
which the dialup client must request new settings from the<br />
DHCP server. The range is from 5 minutes to 100 days.<br />
Server IP Range — assign addresses from IP Range (default)<br />
User-group defined method — assign addresses from user’s<br />
record on RADIUS server. See “Assigning VIPs by RADIUS<br />
user group” on page 119.<br />
Optionally, enter the IP addresses of one or two Windows<br />
Internet Service (WINS) servers that dialup clients can access<br />
after the tunnel has been established.<br />
Optionally, you can send up to three DHCP options to the<br />
dialup client. Select Options and enter the option code in the<br />
Code field, and if applicable, type any associated data in the<br />
Options field. For more information, see RFC 2132.<br />
To specify any VIP addresses that must be excluded from the<br />
VIP address range, select Exclude Ranges, select the + button<br />
and then type the starting and ending IP addresses. You can<br />
add multiple ranges to exclude.<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
124 01-434-112804-20120111<br />
http://docs.fortinet.com/