fortigate-ipsec-40-mr3
Configure the FortiGate dialup client FortiGate dialup-client configurations

Policy-based VPN security policy

Define an IPsec security policy. Enter these settings in particular:

Source Interface/Zone        Select the interface that connects to the private
                             network behind this FortiGate unit.
Source Address Name          Select the address name that you defined in Step 3 for
                             the private network behind this FortiGate unit.
Destination Interface/Zone   Select the FortiGate unit’s public interface.
Destination Address Name     Select the address name that you defined in Step 3.
Action                       Select IPSEC.
VPN Tunnel                   Select the name of the phase 1 configuration that you
                             created in Step 1.
                             Select Allow inbound to enable traffic from the remote
                             network to initiate the tunnel.
                             Clear Allow outbound to prevent traffic from the local
                             network from initiating the tunnel after the tunnel has
                             been established.

1 Place the policy in the policy list above any other policies having similar source and
  destination addresses.
2 If configuring a route-based policy, configure a default route for VPN traffic on this
  interface.

Configure the FortiGate dialup client
Configure the FortiGate dialup client as follows:

1 At the FortiGate dialup client, define the phase 1 parameters needed to authenticate
  the dialup server and establish a secure connection. See “Auto Key phase 1
  parameters” on page 39. Enter these settings in particular:

Name              Enter a name to identify the VPN tunnel.
Remote Gateway    Select Static IP Address.
IP Address        Type the IP address of the dialup server’s public interface.
Local Interface   Select the interface that connects to the public network.
Mode              Because the FortiGate dialup client has a dynamic IP address,
                  select Aggressive.
Advanced          Select to view the following options.
Local ID          If you defined a peer ID for the dialup client in the FortiGate
                  dialup server configuration, enter the identifier of the dialup
                  client. The value must be identical to the peer ID that you
                  specified previously in the FortiGate dialup server configuration.
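
The consistency rules in the table above (static remote gateway, Aggressive mode, Local ID identical to the server's peer ID) can be checked over CLI-style configuration text. This is an added example, not part of the Fortinet guide: the two configuration snippets are constructed, the tunnel names, IDs and address are placeholders, `parse_phase1` and `check_client` are hypothetical helpers, and the server-side `peertype`/`peerid` settings are assumed from the FortiOS CLI rather than taken from this page.

```python
import re
# Constructed sample configs (not from the guide); names, IDs and IPs are placeholders.
CLIENT_CFG = '''config vpn ipsec phase1
    edit "to_hq"
        set type static
        set interface "wan1"
        set remote-gw 203.0.113.10
        set mode aggressive
        set localid "branch01"
    next
end'''
SERVER_CFG = '''config vpn ipsec phase1
    edit "dialup_branches"
        set type dynamic
        set mode aggressive
        set peertype one
        set peerid "branch01"
    next
end'''

def parse_phase1(text):
    """Return {tunnel_name: {setting: value}} from 'edit'/'set' lines."""
    tunnels, current = {}, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if len(tok) >= 2 and tok[0] == "edit":
            current = tunnels.setdefault(tok[1], {})
        elif len(tok) >= 3 and tok[0] == "set" and current is not None:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[:1] == ["next"]:
            current = None
    return tunnels

def check_client(client, server):
    """Findings for one dialup-client phase 1 against the server's phase 1."""
    findings = []
    if client.get("type") != "static" or "remote-gw" not in client:
        findings.append("Remote Gateway: use Static IP Address of the dialup server")
    if client.get("mode") != "aggressive":
        findings.append("Mode: select Aggressive (client has a dynamic IP address)")
    peer_id = server.get("peerid")  # only enforced when the server defines a peer ID
    if peer_id is not None and client.get("localid") != peer_id:  # exact, case-sensitive
        findings.append(f"Local ID {client.get('localid')!r} differs from peer ID {peer_id!r}")
    return findings

if __name__ == "__main__":
    c = parse_phase1(CLIENT_CFG)["to_hq"]
    s = parse_phase1(SERVER_CFG)["dialup_branches"]
    print(check_client(c, s) or "client phase 1 is consistent with the server")
```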
IPsec VPNs for FortiOS 4.0 MR3<br />
138 01-434-112804-20120111<br />
http://docs.fortinet.com/