11.03.2015 Views

FortiGate IPSec VPN User Guide - FirewallShop.com


Configuration example

Gateway-to-gateway configurations

4 Place the policies in the policy list above any other policies having similar source and destination addresses.

To configure the route for a route-based VPN

1 Go to Router > Static.

2 Select Create New, enter the following information, and then select OK:

Destination IP / Mask    192.168.22.0/24
Device                   FG1toFG2_Tunnel
Gateway                  Leave as default: 0.0.0.0.
Distance                 Leave this at its default.

Configure FortiGate_2

The configuration of FortiGate_2 is similar to that of FortiGate_1. You must:

• Define the phase 1 parameters that FortiGate_2 needs to authenticate FortiGate_1 and establish a secure connection.

• Define the phase 2 parameters that FortiGate_2 needs to create a VPN tunnel with FortiGate_1.

• Create the firewall policy and define the scope of permitted services between the IP source and destination addresses.

To define the phase 1 parameters

1 Go to VPN > IPSEC > Auto Key.

2 Select Create Phase 1, enter the following information, and select OK:

Name                           Type a name for the VPN tunnel (for example, FG2toFG1_Tunnel).
Remote Gateway                 Static IP Address
IP Address                     172.16.20.1
Local Interface                Port 2
Mode                           Main
Authentication Method          Preshared Key
Pre-shared Key                 Enter the preshared key. The value must be identical to the preshared key that you specified previously in the FortiGate_1 configuration.
Peer Options                   Accept any peer ID
Advanced
Enable IPSec Interface Mode    Enable to create a route-based VPN. Disable to create a policy-based VPN. This example shows both policy and route-based VPNs.
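The guide requires FortiGate_2's phase 1 settings to mirror FortiGate_1's: the same preshared key, a remote gateway that is the other unit's address, and (for a route-based VPN) a static route through the tunnel interface. The following check is an added example, not code from the guide or from Fortinet; it parses two constructed FortiOS-CLI-style snippets, where the CLI keywords are assumed syntax and 203.0.113.2, 10.99.1.0/24 and the key string are constructed placeholders.

```python
# Added example. From the page: 172.16.20.1, 192.168.22.0/24, both tunnel names.
# Constructed: 203.0.113.2, 10.99.1.0/24, the key string; CLI keywords are assumed.
TEMPLATE = """config vpn ipsec phase1-interface
    edit "{name}"
        set remote-gw {peer}
        set mode main
        set psksecret {psk}
    next
end
config router static
    edit 1
        set dst {dst}
        set device "{name}"
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: value}}} from config/edit/set lines."""
    out, section, entry = {}, None, None
    for line in text.splitlines():
        words = line.split(None, 2) or [""]
        if words[0] == "config":
            section = out.setdefault(line.split(None, 1)[1].strip(), {})
        elif words[0] == "edit":
            entry = section.setdefault(words[1].strip('"'), {})
        elif words[0] == "set":
            entry[words[1]] = words[2].strip().strip('"')
    return out

def check_pair(cfg_a, wan_a, cfg_b, wan_b):
    """Return mismatches between two gateways' route-based VPN settings."""
    problems, sides = [], []
    for label, text, peer_wan in (("A", cfg_a, wan_b), ("B", cfg_b, wan_a)):
        cfg = parse(text)
        (name, p1), = cfg["vpn ipsec phase1-interface"].items()
        if p1["remote-gw"] != peer_wan:
            problems.append(f"{label}: remote gateway is not the peer's address")
        if name not in {r.get("device") for r in cfg["router static"].values()}:
            problems.append(f"{label}: no static route through {name}")
        sides.append(p1)
    if sides[0]["psksecret"] != sides[1]["psksecret"]:
        problems.append("preshared keys differ")
    if sides[0]["mode"] != sides[1]["mode"]:
        problems.append("phase 1 modes differ")
    return problems

FG1 = TEMPLATE.format(name="FG1toFG2_Tunnel", peer="203.0.113.2", psk="constructed-key", dst="192.168.22.0 255.255.255.0")
FG2 = TEMPLATE.format(name="FG2toFG1_Tunnel", peer="172.16.20.1", psk="constructed-key", dst="10.99.1.0 255.255.255.0")
```

`check_pair(FG1, "172.16.20.1", FG2, "203.0.113.2")` returns an empty list when the two sides agree. The key comparison assumes the keys as typed by the administrator, not encoded values from saved configuration files.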

FortiGate IPSec VPN Version 3.0 User Guide

26 01-30005-0065-20070716
