FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Index<br />
Index<br />
A<br />
Accept peer ID in dialup group 136<br />
Accept this peer certificate group only 134<br />
Accept this peer certificate only 134<br />
Accept this peer ID 134<br />
address, IP address example 150<br />
aggregated subnets<br />
for hub-and-spoke <strong>VPN</strong> 34<br />
Allow inbound, encryption policy 150<br />
Allow outbound, encryption policy 150<br />
ambiguous routing<br />
resolving in <strong>FortiGate</strong> dialup-client configuration 72<br />
authenticating<br />
based on peer IDs 134<br />
IPsec <strong>VPN</strong> peers and clients 131<br />
through <strong>IPSec</strong> certificate 129<br />
through XAuth settings 141<br />
authenticating <strong>FortiGate</strong> unit<br />
with pre-shared key 130<br />
Authentication Algorithm, Manual Key 113<br />
Authentication Key, Manual Key 113<br />
authentication server, external<br />
for XAuth 141<br />
Autokey Keep Alive<br />
<strong>IPSec</strong> interface mode 147<br />
Autokey Keep Alive, Phase 2 145<br />
B<br />
backup <strong>VPN</strong> 104<br />
C<br />
Certificate Name, Phase 1 129<br />
certificate, <strong>IPSec</strong><br />
group 134<br />
Local ID setting 134<br />
using DN to establish access 132<br />
viewing local DN 133<br />
CLI<br />
using instead of web-based manager 10<br />
CLI <strong>com</strong>mands for <strong>VPN</strong> 10<br />
<strong>com</strong>ments, documentation 14<br />
concentrator, defining 37<br />
configuring<br />
dynamic DNS <strong>VPN</strong> 50<br />
FortiClient dialup-client <strong>VPN</strong> 59<br />
FortiClient in dialup-client <strong>VPN</strong> 64<br />
<strong>FortiGate</strong> dialup-client <strong>VPN</strong> 74<br />
<strong>FortiGate</strong> in dialup-client <strong>IPSec</strong> <strong>VPN</strong> 76<br />
gateway-to-gateway <strong>IPSec</strong> <strong>VPN</strong> 21<br />
hub-and-spoke <strong>IPSec</strong> <strong>VPN</strong> 33<br />
manual keys 112<br />
transparent mode <strong>IPSec</strong> <strong>VPN</strong> 109<br />
customer service 14<br />
D<br />
DDNS services, subscribing to 50<br />
Dead Peer Detection, Phase 1 139, 140, 141<br />
DH Group<br />
<strong>IPSec</strong> interface mode 147<br />
DH Group, Phase 1 137, 139<br />
DH Group, Phase 2 144<br />
DHCP relay<br />
in FortiClient dialup-client configuration 62<br />
in <strong>FortiGate</strong> dialup-client configuration 73<br />
DHCP server<br />
in FortiClient dialup-client configuration 63<br />
DHCP-<strong>IPSec</strong><br />
<strong>IPSec</strong> interface mode 147<br />
DHCP-<strong>IPSec</strong>, phase 2 145<br />
dialup-client <strong>IPSec</strong> configuration<br />
configuration steps for <strong>FortiGate</strong> dialup clients 74<br />
DHCP relay for FortiClient VIP 62<br />
DHCP server for FortiClient VIP 63<br />
dialup server for FortiClient dialup clients 59<br />
dialup server for <strong>FortiGate</strong> dialup clients 75<br />
<strong>FortiGate</strong> client configuration 76<br />
infrastructure requirements for FortiClient access<br />
58<br />
infrastructure requirements for <strong>FortiGate</strong> client access<br />
73<br />
Diffie-Hellman algorithm 137, 144<br />
DNS server, dynamic DNS configuration 49, 50<br />
documentation<br />
<strong>com</strong>menting on 14<br />
Fortinet 12<br />
domain name, dynamic DNS configuration 49, 51<br />
dynamic DNS configuration<br />
configuration steps 50<br />
domain name configuration 51<br />
infrastructure requirements 50<br />
overview 49<br />
remote <strong>VPN</strong> peer configuration 53<br />
supported DDNS services 50<br />
dynamic IP address<br />
for remote host 55<br />
<strong>FortiGate</strong> DDNS peer 49<br />
<strong>FortiGate</strong> dialup client 71<br />
E<br />
Enable perfect forward secrecy (PFS)<br />
<strong>IPSec</strong> interface mode 147<br />
Enable perfect forward secrecy (PFS), Phase 2 144<br />
Enable replay detection<br />
<strong>IPSec</strong> interface mode 147<br />
Enable replay detection, Phase 2 144<br />
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
01-30005-0065-20070716 161