FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
About this document<br />
Introduction<br />
Using the web-based manager and CLI to configure <strong>IPSec</strong> <strong>VPN</strong>s<br />
The <strong>FortiGate</strong> unit provides two user interfaces to configure operating parameters:<br />
the web-based manager, and the Command Line Interface (CLI).<br />
In the web-based manager:<br />
• <strong>IPSec</strong> <strong>VPN</strong> operating parameters are located on the following tabs:<br />
• <strong>VPN</strong> > IPSEC > Auto Key (IKE)<br />
• <strong>VPN</strong> > IPSEC > Manual Key<br />
• <strong>VPN</strong> > IPSEC > Concentrator<br />
• <strong>VPN</strong> > Certificates<br />
In the CLI, the following <strong>com</strong>mands are available to configure <strong>com</strong>parable <strong>VPN</strong><br />
settings:<br />
• config vpn ipsec phase1<br />
• config vpn ipsec phase1-interface<br />
• config vpn ipsec phase2<br />
• config vpn ipsec phase2-interface<br />
• config vpn ipsec manualkey<br />
• config vpn ipsec manualkey-interface<br />
• config vpn ipsec concentrator<br />
• config vpn ipsec forticlient<br />
• config vpn certificate<br />
• execute vpn certificate<br />
For detailed information about these CLI <strong>com</strong>mands, refer to the “vpn” and<br />
“execute” chapters of the <strong>FortiGate</strong> CLI Reference.<br />
About this document<br />
Where possible, this document explains how to configure <strong>VPN</strong>s using the webbased<br />
manager. A few options can be configured only through the CLI. You can<br />
also configure <strong>VPN</strong>s entirely through the CLI. For detailed information about CLI<br />
<strong>com</strong>mands, see the <strong>FortiGate</strong> CLI Reference.<br />
This document contains the following chapters:<br />
• Configuring <strong>IPSec</strong> <strong>VPN</strong>s provides a brief overview of <strong>IPSec</strong> technology and<br />
includes general information about how to configure <strong>IPSec</strong> <strong>VPN</strong>s using this<br />
guide.<br />
• Gateway-to-gateway configurations explains how to set up a basic gateway-togateway<br />
(site-to-site) <strong>IPSec</strong> <strong>VPN</strong>. In a gateway-to-gateway configuration, two<br />
<strong>FortiGate</strong> units create a <strong>VPN</strong> tunnel between two separate private networks.<br />
• Hub-and-spoke configurations describes how to set up hub-and-spoke <strong>IPSec</strong><br />
<strong>VPN</strong>s. In a hub-and-spoke configuration, connections to a number of remote<br />
peers and/or clients radiate from a single, central <strong>FortiGate</strong> hub.<br />
• Dynamic DNS configurations describes how to configure a site-to-site <strong>VPN</strong>, in<br />
which one <strong>FortiGate</strong> unit has a static IP address and the other <strong>FortiGate</strong> unit<br />
has a static domain name and a dynamic IP address.<br />
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
10 01-30005-0065-20070716