FortiGate IPSec VPN User Guide - FirewallShop.com
Index
IPv6 IPSec configurations (continued)
phase 2 116
routing 117
K
Keepalive Frequency, Phase 1 139, 140
Keylife
IPSec interface mode 147
Keylife, Phase 1 137, 139
Keylife, Phase 2 144
L
LDAP server, external
for XAuth 141
Local ID
for certificates 134
for peer IDs 135
to identify FortiGate dialup clients 72
Local SPI, Manual Key 112
logging VPN events 158
M
manual key IPSec configuration
configuration steps 112
overview 111
meshed VPN 20
Mode, Phase 1 129, 131
N
NAT
keepalive frequency 140
traversal 140, 160
Nat-traversal, Phase 1 139, 140
negotiating
IPSec phase 1 parameters 137
IPSec phase 2 parameters 144
network topology
dynamic DNS 49
FortiClient dialup-client 55
FortiGate dialup-client 71
fully meshed network 20
gateway-to-gateway 19
hub-and-spoke 33
Internet-browsing 79
manual key 111
partially meshed network 20
redundant-tunnel 83
supported IPSec VPNs 16
transparent mode VPN 105
O
Outbound NAT, encryption policy 150
overlap
resolving IP address 72
resolving through FortiGate DHCP relay 72
P
P1 Proposal, Phase 1 137, 139
P2 Proposal
Phase 2 IPSec interface mode 147
P2 Proposal, Phase 2 144
partially meshed VPN 20
peer ID
assigning to FortiGate unit 135
enabling 135
Local ID setting 135
perfect forward secrecy, enabling 144
phase 1 parameters
authenticating with certificates 129
authenticating with preshared keys 130
authentication method 131
authentication options 131
defining 127
defining the tunnel ends 128
IKE proposals 138
main or aggressive mode 128
negotiating 137
overview 127
peer identifiers 134
user accounts 135
phase 2 parameters
autokey keep alive 145
auto-negotiate 144
configuring 146
defining 143
DHCP-IPSec 145
keylife 144
negotiating 144
perfect forward secrecy (PFS) 144
quick mode selectors 145
replay detection 144
planning VPN configuration 15
policy server, VPN
configuring FortiGate unit as 62
policy-based VPN
vs route-based 16
pre-shared key
authenticating FortiGate unit with 130
Pre-shared Key, Phase 1 131
Q
Quick Mode Selector
IPSec interface mode 148
Quick mode selectors, Phase 2 145
R
RADIUS server, external
for XAuth 141
redundant VPNs
configuration 84
example, fully redundant configuration 87
example, partially-redundant configuration 98
overview 83
remote client
authenticating with certificates 129
FortiGate dialup-client 71
in Internet-browsing IPSec configuration 79
Remote Gateway, Phase 1 129, 130
FortiGate IPSec VPN Version 3.0 User Guide
01-30005-0065-20070716 163