fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
FortiGate dialup-client configuration steps FortiGate dialup-client configurations<br />
Computers on the private network behind the FortiGate dialup client can obtain IP<br />
addresses either from a DHCP server behind the FortiGate dialup client, or a DHCP<br />
server behind the FortiGate dialup server.<br />
If the DHCP server resides on the network behind the dialup client, the DHCP<br />
server must be configured to assign IP addresses that do not match the private<br />
network behind the FortiGate dialup server.<br />
If the DHCP server resides on the network behind the FortiGate dialup server, the<br />
DHCP server must be configured to assign IP addresses that do not match the<br />
private network behind the FortiGate dialup client.<br />
FortiGate dialup-client configuration steps<br />
The procedures in this section assume that computers on the private network behind the<br />
FortiGate dialup client obtain IP addresses from a local DHCP server. The assigned IP<br />
addresses do not match the private network behind the FortiGate dialup server.<br />
In situations where IP-address overlap between the local and remote private networks is<br />
likely to occur, FortiGate DHCP relay can be configured on the FortiGate dialup client to<br />
relay DHCP requests to a DHCP server behind the FortiGate dialup server. For more<br />
information, see “To configure DHCP relay on the FortiGate unit” on page 123.<br />
Configuring dialup client capability for FortiGate dialup clients involves the following<br />
general configuration steps:<br />
Determine which IP addresses to assign to the private network behind the FortiGate<br />
dialup client, and add the IP addresses to the DHCP server behind the FortiGate<br />
dialup client. Refer to the software supplier’s documentation to configure the DHCP<br />
server.<br />
Configure the FortiGate dialup server. See “Configure the server to accept FortiGate<br />
dialup-client connections” on page 136.<br />
Configure the FortiGate dialup client. See “Configure the FortiGate dialup client” on<br />
page 138.<br />
Configure the server to accept FortiGate dialup-client connections<br />
Before you begin, optionally reserve a unique identifier (peer ID) for the FortiGate dialup<br />
client. The dialup client will supply this value to the FortiGate dialup server for<br />
authentication purposes during the IPsec phase 1 exchange. In addition, the value will<br />
enable you to distinguish FortiGate dialup-client connections from FortiClient dialupclient<br />
connections. The same value must be specified on the dialup server and on the<br />
dialup client.<br />
1 At the FortiGate dialup server, define the phase 1 parameters needed to authenticate<br />
the FortiGate dialup client and establish a secure connection. See “Auto Key phase 1<br />
parameters” on page 39. Enter these settings in particular:<br />
Name<br />
Enter a name to identify the VPN tunnel. This name appears in<br />
phase 2 configurations, security policies and the VPN monitor.<br />
Remote Gateway Select Dialup User.<br />
Local Interface<br />
Select the interface through which clients connect to the<br />
FortiGate unit.<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
136 01-434-112804-20120111<br />
http://docs.fortinet.com/