FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Configuration example Gateway-to-gateway configurations 4 Place the policies in the policy list above any other policies having similar source and destination addresses. To configure the route for a route-based VPN 1 Go to Router > Static. 2 Select Create New, enter the following information, and then select OK: Configure FortiGate_2 Destination IP / Mask 192.168.22.0/24 Device FG1toFG2_Tunnel Gateway Leave as default: 0.0.0.0. Distance Leave this at its default. The configuration of FortiGate_2 is similar to that of FortiGate_1. You must: • Define the phase 1 parameters that FortiGate_2 needs to authenticate FortiGate_1 and establish a secure connection. • Define the phase 2 parameters that FortiGate_2 needs to create a VPN tunnel with FortiGate_1. • Create the firewall policy and define the scope of permitted services between the IP source and destination addresses. To define the phase 1 parameters 1 Go to VPN > IPSEC > Auto Key. 2 Select Create Phase 1, enter the following information, and select OK: Name Type a name for the VPN tunnel (for example, FG2toFG1_Tunnel). Remote Gateway Static IP Address IP Address 172.16.20.1 Local Interface Port 2 Mode Main Authentication Method Preshared Key Pre-shared Key Enter the preshared key. The value must be identical to the preshared key that you specified previously in the FortiGate_1 configuration. Peer Options Accept any peer ID Advanced Enable IPSec Interface Mode Enable to create a route-based VPN. Disable to create a policy-based VPN. This example shows both policy and route-based VPNs. FortiGate IPSec VPN Version 3.0 User Guide 26 01-30005-0065-20070716
Gateway-to-gateway configurations Configuration example To define the phase 2 parameters 1 Go to VPN > IPSEC > Auto Key. 2 Select Create Phase 2, enter the following information and select OK: Name Phase 1 Enter a name for the phase 2 configuration (for example, FG2toFG1_phase2). Select the gateway that you defined previously (for example, FG2toFG1_Tunnel). To define the IP address of the network behind FortiGate_2 1 Go to Firewall > Address. 2 Select Create New, enter the following information, and select OK: Address Name Enter an address name (for example, HR_Network). Subnet/IP Range 192.168.22.0/24 This is the IP address of the private network behind FortiGate_2. To define the IP address of the network behind FortiGate_1 1 Go to Firewall > Address. 2 Select Create New, enter the following information, and select OK: Address Name Subnet/IP Range Enter an address name (for example, Finance_Network). Enter the IP address of the private network behind FortiGate_1 (for example, 192.168.12.0/24). To define the firewall policy for a policy-based VPN 1 Go to Firewall > Policy. 2 Select Create New, enter the following information, and select OK: Source Interface/Zone Port 2 Source Address Name HR_Network Destination Interface/Zone Port 1 Destination Address Name Finance_Network Schedule As required. Service As required. Action IPSEC VPN Tunnel FG2toFG1_Tunnel Allow Inbound Enable Allow Outbound Enable Inbound NAT Disable 3 Place the policy in the policy list above any other policies having similar source and destination addresses. FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 27
Page 1 and 2: USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4: Contents Contents Introduction ....
Page 5 and 6: Contents Adding XAuth authenticatio
Page 7 and 8: Contents Defining IKE negotiation p
Page 9 and 10: Introduction About FortiGate IPSec
Page 11 and 12: Introduction About this document
Page 13 and 14: Introduction Fortinet documentation
Page 15 and 16: Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18: Configuring IPSec VPNs General prep
Page 19 and 20: Gateway-to-gateway configurations C
Page 21 and 22: Gateway-to-gateway configurations G
Page 23 and 24: Gateway-to-gateway configurations C
Page 25: Gateway-to-gateway configurations C
Page 29 and 30: Gateway-to-gateway configurations H
Page 31 and 32: Gateway-to-gateway configurations H
Page 33 and 34: Hub-and-spoke configurations Config
Page 43 and 44: Hub-and-spoke configurations Dynami
Page 49 and 50: Dynamic DNS configurations Configur
Page 55 and 56: FortiClient dialup-client configura
Page 71 and 72: FortiGate dialup-client configurati
Page 77 and 78:
FortiGate dialup-client configurati
Page 79 and 80:
Internet-browsing configuration Con
Page 81 and 82:
Internet-browsing configuration Rou
Page 83 and 84:
Redundant VPN configurations Config
Page 85 and 86:
Redundant VPN configurations Config
Page 87 and 88:
Redundant VPN configurations Redund
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Redundant VPN configurations Partia
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Transparent mode VPNs Configuration
Page 107 and 108:
Transparent mode VPNs Configuration
Page 109 and 110:
Transparent mode VPNs Configure the
Page 111 and 112:
Manual-key configurations Configura
Page 113 and 114:
Manual-key configurations Specify t
Page 115 and 116:
IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118:
IPv6 IPSec VPNs Site-to-site IPv6 o
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Auto Key phase 1 parameters Overvie
Page 129 and 130:
Auto Key phase 1 parameters Authent
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Auto Key phase 1 parameters Definin
Page 139 and 140:
Auto Key phase 1 parameters Definin
Page 141 and 142:
Auto Key phase 1 parameters Using X
Page 143 and 144:
Phase 2 parameters Basic phase 2 se
Page 145:
Phase 2 parameters Advanced phase 2
Page 148 and 149:
Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

Create successful ePaper yourself

Delete template?

Save as template?