FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Partially-redundant route-based VPN example Redundant VPN configurations 4 Select the Edit icon for the WAN2 interface, enter the following information and then select OK: Addressing mode Manual IP/Netmask 172.16.20.2/255.255.255.0 To configure the IPSec interfaces (phase 1 configurations) 1 Go to VPN > IPSEC > Auto Key. 2 Select Create Phase 1, enter the following information, and select OK: Name Remote Gateway Local Interface Mode Authentication Method Pre-shared Key Peer Options Advanced Enable IPSec Interface Mode Dead Peer Detection Site_1_A Dialup User WAN1 Main Preshared Key Enter the preshared key. Accept any peer ID Select Select 3 Select Create Phase 1, enter the following information, and select OK: Name Remote Gateway Local Interface Mode Authentication Method Pre-shared Key Peer Options Advanced Enable IPSec Interface Mode Dead Peer Detection Site_1_B Dialup User WAN2 Main Preshared Key Enter the preshared key. Accept any peer ID Select Select To define the phase 2 configurations for the two VPNs 1 Go to VPN > IPSEC > Auto Key. 2 Select Create Phase 2, enter the following information and select OK: Name Phase 1 Route_A. Site_1_A 3 Select Create Phase 2, enter the following information and select OK: Name Phase 1 Route_B. Site_1_B FortiGate IPSec VPN Version 3.0 User Guide 100 01-30005-0065-20070716
Redundant VPN configurations Partially-redundant route-based VPN example To configure routes 1 Go to Router > Static. 2 Select Create New, enter the following default gateway information and then select OK: Destination IP/Mask 0.0.0.0/0.0.0.0 Device WAN1 Gateway 10.10.10.1 Distance 10 To configure firewall policies 1 Go to Firewall > Policy. 2 Select Create New, enter the following information, and select OK: Source Interface/Zone Source Address Name Destination Interface/Zone Destination Address Name Schedule Service Action Internal All Site_1_A All Always Any ACCEPT 3 Select Create New, enter the following information, and select OK: Source Interface/Zone Source Address Name Destination Interface/Zone Destination Address Name Schedule Service Action Internal All Site_1_B All Always Any ACCEPT Configuring FortiGate_2 The configuration for FortiGate_2 is similar to that of FortiGate_1. You must • configure the interface involved in the VPN • define the phase 1 configuration for the primary and redundant paths, creating a virtual IPSec interface for each one • define the phase 2 configurations for the primary and redundant paths, defining the internal network as the source address so that FortiGate_1 can automatically configure routing • configure the routes for the two IPSec interfaces, assigning the appropriate priorities • configure firewall policies between the internal interface and each of the virtual IPSec interfaces FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 101
Page 1 and 2:
USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4:
Contents Contents Introduction ....
Page 5 and 6:
Contents Adding XAuth authenticatio
Page 7 and 8:
Contents Defining IKE negotiation p
Page 9 and 10:
Introduction About FortiGate IPSec
Page 11 and 12:
Introduction About this document
Page 13 and 14:
Introduction Fortinet documentation
Page 15 and 16:
Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18:
Configuring IPSec VPNs General prep
Page 19 and 20:
Gateway-to-gateway configurations C
Page 21 and 22:
Gateway-to-gateway configurations G
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Gateway-to-gateway configurations H
Page 31 and 32:
Gateway-to-gateway configurations H
Page 33 and 34:
Hub-and-spoke configurations Config
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Hub-and-spoke configurations Dynami
Page 45 and 46:
Page 47 and 48:
Page 49 and 50: Dynamic DNS configurations Configur
Page 55 and 56: FortiClient dialup-client configura
Page 71 and 72: FortiGate dialup-client configurati
Page 79 and 80: Internet-browsing configuration Con
Page 81 and 82: Internet-browsing configuration Rou
Page 83 and 84: Redundant VPN configurations Config
Page 85 and 86: Redundant VPN configurations Config
Page 87 and 88: Redundant VPN configurations Redund
Page 99: Redundant VPN configurations Partia
Page 103 and 104: Redundant VPN configurations Partia
Page 105 and 106: Transparent mode VPNs Configuration
Page 107 and 108: Transparent mode VPNs Configuration
Page 109 and 110: Transparent mode VPNs Configure the
Page 111 and 112: Manual-key configurations Configura
Page 113 and 114: Manual-key configurations Specify t
Page 115 and 116: IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118: IPv6 IPSec VPNs Site-to-site IPv6 o
Page 127 and 128: Auto Key phase 1 parameters Overvie
Page 129 and 130: Auto Key phase 1 parameters Authent
Page 137 and 138: Auto Key phase 1 parameters Definin
Page 139 and 140: Auto Key phase 1 parameters Definin
Page 141 and 142: Auto Key phase 1 parameters Using X
Page 143 and 144: Phase 2 parameters Basic phase 2 se
Page 145: Phase 2 parameters Advanced phase 2
Page 148 and 149: Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

Create successful ePaper yourself

Delete template?

Save as template?