FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configuration example<br />
Gateway-to-gateway configurations<br />
Mode<br />
Authentication Method<br />
Pre-shared Key<br />
Peer Options<br />
Advanced<br />
Enable <strong>IPSec</strong><br />
Interface Mode<br />
Main<br />
Preshared Key<br />
Enter the preshared key.<br />
Accept any peer ID<br />
Enable to create a route-based <strong>VPN</strong>.<br />
Disable to create a policy-based <strong>VPN</strong>.<br />
This example shows both policy and route-based <strong>VPN</strong>s.<br />
Define the phase 2 parameters on <strong>FortiGate</strong>_1<br />
The basic phase 2 settings associate <strong>IPSec</strong> phase 2 parameters with the phase 1<br />
configuration and specify the remote end point of the <strong>VPN</strong> tunnel. Before you<br />
define the phase 2 parameters, you need to reserve a name for the tunnel.<br />
To define the phase 2 parameters<br />
1 Go to <strong>VPN</strong> > IPSEC > Auto Key.<br />
2 Select Create Phase 2, enter the following information and select OK:<br />
Name<br />
Phase 1<br />
Enter a name for the phase 2 configuration (for<br />
example, FG1toFG2_phase2).<br />
Select the Phase 1 configuration that you defined<br />
previously (for example, FG1toFG2_Tunnel).<br />
Define the firewall policy on <strong>FortiGate</strong>_1<br />
Firewall policies control all IP traffic passing between a source address and a<br />
destination address.<br />
An <strong>IPSec</strong> firewall policy is needed to allow the transmission of encrypted packets,<br />
specify the permitted direction of <strong>VPN</strong> traffic, and select the <strong>VPN</strong> tunnel that will<br />
be subject to the policy. A single policy is needed to control both inbound and<br />
outbound IP traffic through a <strong>VPN</strong> tunnel.<br />
Before you define firewall policies, you must first specify the IP source and<br />
destination addresses. In a gateway-to-gateway configuration:<br />
• The IP source address corresponds to the private network behind the local<br />
<strong>FortiGate</strong> unit.<br />
• The IP destination address refers to the private network behind the remote<br />
<strong>VPN</strong> peer.<br />
To define the IP address of the network behind <strong>FortiGate</strong>_1<br />
1 Go to Firewall > Address.<br />
2 Select Create New, enter the following information, and select OK:<br />
Address Name<br />
Subnet/IP Range<br />
Enter an address name (for example,<br />
Finance_Network).<br />
Enter the IP address of the private network behind<br />
<strong>FortiGate</strong>_1 (for example, 192.168.12.0/24).<br />
To specify the address of the network behind <strong>FortiGate</strong>_2<br />
1 Go to Firewall > Address.<br />
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
24 01-30005-0065-20070716