FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Dynamic spokes configuration example Hub-and-spoke configurations FortiGate IPSec VPN Version 3.0 User Guide 48 01-30005-0065-20070716
Dynamic DNS configurations Configuration overview Dynamic DNS configurations This section describes how to configure a site-to-site VPN, in which one FortiGate unit has a static IP address and the other FortiGate unit has a static domain name and a dynamic IP address. The following topics are included in this section: • Configuration overview • General configuration steps • Configure the dynamically-addressed VPN peer • Configure the fixed-address VPN peer Configuration overview In this type of scenario, one of the FortiGate units in a gateway-to-gateway configuration has a static domain name (for example, example.com) and a dynamic IP address. See FortiGate_2 in Figure 9. Whenever that FortiGate unit connects to the Internet (and possibly also at predefined intervals set by the ISP), the ISP may assign a different IP address to the FortiGate unit. Therefore, remote peers have to locate the FortiGate unit through DNS lookup. Figure 9: Example dynamic DNS configuration Site_1 Site_2 FortiGate_1 FortiGate_2 Internet 172.16.20.1 example.com DNS Server Dynamic DNS server When a remote peer (such as FortiGate_1 in Figure 9) initiates a connection to the domain name, a DNS server looks up and returns the IP address that matches the domain name. The remote peer uses the retrieved IP address to establish a connection with the FortiGate unit. To ensure that DNS servers are able to discover the current IP address associated with a FortiGate domain name, the FortiGate unit with the domain name subscribes to a dynamic DNS service. A dynamic DNS service ensures that any changes to IP addresses are propagated to all Internet DNS servers. FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 49
Page 1 and 2: USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4: Contents Contents Introduction ....
Page 5 and 6: Contents Adding XAuth authenticatio
Page 7 and 8: Contents Defining IKE negotiation p
Page 9 and 10: Introduction About FortiGate IPSec
Page 11 and 12: Introduction About this document
Page 13 and 14: Introduction Fortinet documentation
Page 15 and 16: Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18: Configuring IPSec VPNs General prep
Page 19 and 20: Gateway-to-gateway configurations C
Page 21 and 22: Gateway-to-gateway configurations G
Page 29 and 30: Gateway-to-gateway configurations H
Page 31 and 32: Gateway-to-gateway configurations H
Page 33 and 34: Hub-and-spoke configurations Config
Page 43 and 44: Hub-and-spoke configurations Dynami
Page 45 and 46: Hub-and-spoke configurations Dynami
Page 47: Hub-and-spoke configurations Dynami
Page 51 and 52: Dynamic DNS configurations Configur
Page 53 and 54: Dynamic DNS configurations Configur
Page 55 and 56: FortiClient dialup-client configura
Page 71 and 72: FortiGate dialup-client configurati
Page 79 and 80: Internet-browsing configuration Con
Page 81 and 82: Internet-browsing configuration Rou
Page 83 and 84: Redundant VPN configurations Config
Page 85 and 86: Redundant VPN configurations Config
Page 87 and 88: Redundant VPN configurations Redund
Page 99 and 100:
Redundant VPN configurations Partia
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Transparent mode VPNs Configuration
Page 107 and 108:
Transparent mode VPNs Configuration
Page 109 and 110:
Transparent mode VPNs Configure the
Page 111 and 112:
Manual-key configurations Configura
Page 113 and 114:
Manual-key configurations Specify t
Page 115 and 116:
IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118:
IPv6 IPSec VPNs Site-to-site IPv6 o
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Auto Key phase 1 parameters Overvie
Page 129 and 130:
Auto Key phase 1 parameters Authent
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Auto Key phase 1 parameters Definin
Page 139 and 140:
Auto Key phase 1 parameters Definin
Page 141 and 142:
Auto Key phase 1 parameters Using X
Page 143 and 144:
Phase 2 parameters Basic phase 2 se
Page 145:
Phase 2 parameters Advanced phase 2
Page 148 and 149:
Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

Create successful ePaper yourself

Delete template?

Save as template?