FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configure the dynamically-addressed <strong>VPN</strong> peer<br />
Dynamic DNS configurations<br />
Action<br />
<strong>VPN</strong> Tunnel<br />
Select IPSEC.<br />
Select the name of the phase 1 configuration that you<br />
created in Step 1.<br />
Select Allow inbound to enable traffic from the remote<br />
network to initiate the tunnel.<br />
Select Allow outbound to enable traffic from the local<br />
network to initiate the tunnel.<br />
Route-based <strong>VPN</strong> firewall policies<br />
Define ACCEPT firewall policies to permit <strong>com</strong>munication between the private<br />
networks. To define a policy to permit the local <strong>FortiGate</strong> unit to initiate<br />
<strong>com</strong>munication, enter these settings in particular:<br />
Source Interface/Zone<br />
Source Address Name<br />
Destination Interface/Zone<br />
Destination Address Name<br />
Action<br />
NAT<br />
Select the interface that connects to the private network<br />
behind this <strong>FortiGate</strong> unit.<br />
Select the address name that you defined in Step 3 for the<br />
private network behind this <strong>FortiGate</strong> unit.<br />
Select the <strong>VPN</strong> Tunnel (<strong>IPSec</strong> Interface) you configured in<br />
Step 1.<br />
Select the address name that you defined in Step 3 for the<br />
private network behind the remote peer.<br />
Select ACCEPT.<br />
Disable.<br />
To permit the remote peer to initiate <strong>com</strong>munication, you need to define a firewall<br />
policy for <strong>com</strong>munication in that direction. Enter these settings in particular:<br />
Source Interface/Zone<br />
Source Address Name<br />
Destination Interface/Zone<br />
Destination Address Name<br />
Action<br />
NAT<br />
Select the <strong>VPN</strong> Tunnel (<strong>IPSec</strong> Interface) you configured in<br />
Step 1.<br />
Select the address name that you defined in Step 3 for the<br />
private network behind the remote peer.<br />
Select the interface that connects to the private network<br />
behind this <strong>FortiGate</strong> unit.<br />
Select the address name that you defined in Step 3 for the<br />
private network behind this <strong>FortiGate</strong> unit.<br />
Select ACCEPT.<br />
Disable.<br />
5 Place these policies in the policy list above any other policies having similar<br />
source and destination addresses.<br />
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
52 01-30005-0065-20070716