fortigate-ipsec-40-mr3

More documents

Recommendations

Info

Partially-redundant route-based VPN example Redundant VPN configurations Name Route_A. Phase 1 Advanced Site_2_A Source Address 10.31.101.0/24 3 Select Create Phase 2, enter the following information and select OK: Name Route_B. Phase 1 Advanced Site_2_B Source Address 10.31.101.0/24 To configure routes 1 Go to Router > Static > Static Route. 2 Select Create New, enter the following information and then select OK: Destination IP/Mask 10.21.101.0/255.255.255.0 Device Site_2_A Distance 1 3 Select Create New, enter the following information and then select OK: Destination IP/Mask 10.21.101.0/255.255.255.0 Device Site_2_B Distance 2 To configure security policies 1 Go to Policy > Policy > Policy. 2 Select Create New, enter the following information, and select OK: Source Interface/Zone Internal Source Address Name All Destination Interface/Zone Site_2_A Destination Address Name All Schedule Always Service Any Action ACCEPT 3 Select Create New, enter the following information, and select OK: IPsec VPNs for FortiOS 4.0 MR3 172 01-434-112804-20120111 http://docs.fortinet.com/
Redundant VPN configurations Creating a backup IPsec interface Source Interface/Zone Internal Source Address Name All Destination Interface/Zone Site_2_B Destination Address Name All Schedule Always Service Any Action ACCEPT Creating a backup IPsec interface You can configure a route-based VPN that acts as a backup facility to another VPN. It is used only while your main VPN is out of service. This is desirable when the redundant VPN uses a more expensive facility. You can configure a backup IPsec interface only in the CLI. The backup feature works only on interfaces with static addresses that have dead peer detection enabled. The monitor-phase1 option creates a backup VPN for the specified phase 1 configuration. In the following example, backup_vpn is a backup for main_vpn. config vpn <strong>ipsec</strong> phase1-interface edit main_vpn set dpd on set interface port1 set nattraversal enable set psksecret "hard-to-guess" set remote-gw 192.168.10.8 set type static end edit backup_vpn set dpd on set interface port2 set monitor-phase1 main_vpn set nattraversal enable set psksecret "hard-to-guess" set remote-gw 192.168.10.8 set type static end FortiOS Handbook v3: IPsec VPNs 01-434-112804-20120111 173 http://docs.fortinet.com/
Page 1 and 2:
IPsec VPNs FortiOS Handbook v3 for
Page 3 and 4:
Contents FortiOS Handbook Introduct
Page 5 and 6:
Contents Outbound and inbound NAT.
Page 7 and 8:
Contents Configure the FortiGate un
Page 9 and 10:
Contents Site-to-site IPv6 over IPv
Page 11 and 12:
Introduction How this guide is orga
Page 13 and 14:
IPsec VPN concepts VPN tunnels Fort
Page 15 and 16:
IPsec VPN concepts VPN gateways Fig
Page 17 and 18:
IPsec VPN concepts Encryption Encry
Page 19 and 20:
IPsec VPN concepts Security Associa
Page 21 and 22:
IPsec VPN Overview Types of VPNs Ro
Page 23 and 24:
IPsec VPN Overview Planning your VP
Page 25 and 26:
FortiOS Handbook IPsec VPN in the w
Page 27 and 28:
IPsec VPN in the web-based manager
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
FortiOS Handbook Auto Key phase 1 p
Page 41 and 42:
Auto Key phase 1 parameters Choosin
Page 43 and 44:
Auto Key phase 1 parameters Authent
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Auto Key phase 1 parameters Definin
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Auto Key phase 1 parameters Using X
Page 57 and 58:
Phase 2 parameters Basic phase 2 se
Page 59 and 60:
Phase 2 parameters Advanced phase 2
Page 61 and 62:
Phase 2 parameters Configure the ph
Page 63 and 64:
FortiOS Handbook Defining VPN secur
Page 65 and 66:
Defining VPN security policies Defi
Page 67 and 68:
Defining VPN security policies Defi
Page 69 and 70:
FortiOS Handbook Gateway-to-gateway
Page 71 and 72:
Gateway-to-gateway configurations G
Page 73 and 74:
Gateway-to-gateway configurations C
Page 75 and 76:
Gateway-to-gateway configurations C
Page 77 and 78:
Gateway-to-gateway configurations H
Page 79 and 80:
Gateway-to-gateway configurations H
Page 81 and 82:
Gateway-to-gateway configurations T
Page 83 and 84:
Gateway-to-gateway configurations T
Page 85 and 86:
FortiOS Handbook Hub-and-spoke conf
Page 87 and 88:
Hub-and-spoke configurations Config
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Hub-and-spoke configurations Dynami
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
FortiOS Handbook Dynamic DNS config
Page 103 and 104:
Dynamic DNS configuration Dynamic D
Page 105 and 106:
Dynamic DNS configuration Configure
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
FortiOS Handbook FortiClient dialup
Page 117 and 118:
FortiClient dialup-client configura
Page 119 and 120:
FortiClient dialup-client configura
Page 121 and 122: FortiClient dialup-client configura
Page 133 and 134: FortiGate dialup-client configurati
Page 141 and 142: FortiOS Handbook Supporting IKE Mod
Page 143 and 144: Supporting IKE Mode config clients
Page 145 and 146: Supporting IKE Mode config clients
Page 147 and 148: FortiOS Handbook Internet-browsing
Page 149 and 150: Internet-browsing configuration Rou
Page 151 and 152: FortiOS Handbook Redundant VPN conf
Page 153 and 154: Redundant VPN configurations Config
Page 155 and 156: Redundant VPN configurations Redund
Page 167 and 168: Redundant VPN configurations Partia
Page 169 and 170: Redundant VPN configurations Partia
Page 171: Redundant VPN configurations Partia
Page 175 and 176: FortiOS Handbook Transparent mode V
Page 177 and 178: Transparent mode VPNs Configuration
Page 179 and 180: Transparent mode VPNs Configure the
Page 181 and 182: Transparent mode VPNs Configure the
Page 183 and 184: FortiOS Handbook Manual-key configu
Page 185 and 186: Manual-key configurations Specify t
Page 187 and 188: IPv6 IPsec VPNs FortiOS Handbook Th
Page 189 and 190: IPv6 IPsec VPNs Site-to-site IPv6 o
Page 199 and 200: FortiOS Handbook L2TP and IPsec (Mi
Page 201 and 202: L2TP and IPsec (Microsoft VPN) Conf
Page 207 and 208: L2TP and IPsec (Microsoft VPN) Trou
Page 209 and 210: L2TP and IPsec (Microsoft VPN) Trou
Page 211 and 212: FortiOS Handbook GRE over IPsec (Ci
Page 213 and 214: GRE over IPsec (Cisco VPN) configur
Page 221 and 222: FortiOS Handbook Protecting OSPF wi
Page 223 and 224:
Protecting OSPF with IPsec OSPF ove
Page 225 and 226:
Protecting OSPF with IPsec OSPF ove
Page 227 and 228:
Protecting OSPF with IPsec Creating
Page 229 and 230:
FortiOS Handbook Hardware offloadin
Page 231 and 232:
Hardware offloading and acceleratio
Page 233 and 234:
Hardware offloading and acceleratio
Page 235 and 236:
FortiOS Handbook Monitoring and tro
Page 237 and 238:
Monitoring and troubleshooting Test
Page 239 and 240:
Monitoring and troubleshooting Logg
Page 241 and 242:
Monitoring and troubleshooting VPN
Page 243 and 244:
Index Numerics 3DES-Triple-DES, 51
Page 245 and 246:
IPcomp, 237 IPsec, 230 tunnel, 229
Page 247 and 248:
security association (SA), 230 secu
show all

fortigate-ipsec-40-mr3

Create successful ePaper yourself

Delete template?

Save as template?