FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Contents Manual-key configurations .......................................................... 111 Configuration overview................................................................................. 111 Specify the manual keys for creating a tunnel .......................................... 112 IPv6 IPSec VPNs ............................................................................ 115 Overview of IPv6 IPSec support................................................................... 115 Certificates ................................................................................................ 116 Configuring IPv6 IPSec VPNs....................................................................... 116 Phase 1 configuration ............................................................................... 116 Phase 2 configuration ............................................................................... 116 Firewall policies......................................................................................... 116 Routing...................................................................................................... 117 Site-to-site IPv6 over IPv6 VPN example..................................................... 117 Configure FortiGate A interfaces .............................................................. 117 Configure FortiGate A IPSec settings ....................................................... 118 Configure FortiGate A firewall policies...................................................... 118 Configure FortiGate A routing ................................................................... 119 Configure FortiGate B ............................................................................... 119 Site-to-site IPv4 over IPv6 VPN example..................................................... 120 Configure FortiGate A interfaces .............................................................. 120 Configure FortiGate A IPSec settings ....................................................... 121 Configure FortiGate A firewall policies...................................................... 121 Configure FortiGate A routing ................................................................... 122 Configure FortiGate B ............................................................................... 122 Site-to-site IPv6 over IPv4 VPN example..................................................... 124 Configure FortiGate A interfaces .............................................................. 124 Configure FortiGate A IPSec settings ....................................................... 124 Configure FortiGate A firewall policies...................................................... 125 Configure FortiGate A routing ................................................................... 125 Configure FortiGate B ............................................................................... 125 Auto Key phase 1 parameters ..................................................... 127 Overview......................................................................................................... 127 Defining the tunnel ends............................................................................... 128 Choosing main mode or aggressive mode ................................................. 128 Authenticating the FortiGate unit ................................................................ 129 Authenticating the FortiGate unit with digital certificates .......................... 129 Authenticating the FortiGate unit with a pre-shared key ........................... 130 Authenticating remote peers and clients ................................................... 131 Enabling VPN access for specific certificate holders ............................... 132 Before you begin ................................................................................ 132 Enabling VPN access by peer identifier.................................................... 134 Enabling VPN access using user accounts and pre-shared keys............. 135 FortiGate IPSec VPN Version 3.0 User Guide 6 01-30005-0065-20070716
Contents Defining IKE negotiation parameters........................................................... 137 Generating keys to authenticate an exchange ......................................... 137 Defining IKE negotiation parameters ........................................................ 138 Defining the remaining phase 1 options ..................................................... 140 NAT traversal ........................................................................................... 140 NAT keepalive frequency ......................................................................... 140 Dead peer detection ................................................................................. 141 Using XAuth authentication.......................................................................... 141 Using the FortiGate unit as an XAuth server............................................. 141 Authenticating the FortiGate unit as a client with XAuth ........................... 142 Phase 2 parameters ...................................................................... 143 Basic phase 2 settings.................................................................................. 143 Advanced phase 2 settings .......................................................................... 143 P2 Proposal............................................................................................... 144 Replay detection ....................................................................................... 144 Perfect forward secrecy ............................................................................ 144 Keylife ....................................................................................................... 144 Auto-negotiate........................................................................................... 144 Autokey Keep Alive ................................................................................... 145 DHCP-IPSec ............................................................................................ 145 Quick mode selectors ............................................................................... 145 Configure the phase 2 parameters............................................................... 146 Specifying the phase 2 parameters .......................................................... 146 Defining firewall policies............................................................... 149 Defining firewall addresses .......................................................................... 149 Defining firewall policies............................................................................... 150 Defining an IPSec firewall policy for a policy-based VPN ......................... 150 Before you begin .............................................................................. 151 Defining multiple IPSec policies for the same tunnel ......................... 152 Defining firewall policies for a route-based VPN ....................................... 153 Monitoring and testing VPNs ........................................................ 155 Monitoring VPN connections........................................................................ 155 Monitoring connections to remote peers ................................................... 155 Monitoring dialup IPSec connections ........................................................ 156 Monitoring IKE sessions............................................................................... 157 Testing VPN connections ............................................................................. 157 Logging VPN events...................................................................................... 158 VPN troubleshooting tips.............................................................................. 159 A word about NAT devices........................................................................ 160 Index................................................................................................ 161 FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 7
Page 1 and 2: USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4: Contents Contents Introduction ....
Page 5: Contents Adding XAuth authenticatio
Page 9 and 10: Introduction About FortiGate IPSec
Page 11 and 12: Introduction About this document
Page 13 and 14: Introduction Fortinet documentation
Page 15 and 16: Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18: Configuring IPSec VPNs General prep
Page 19 and 20: Gateway-to-gateway configurations C
Page 21 and 22: Gateway-to-gateway configurations G
Page 29 and 30: Gateway-to-gateway configurations H
Page 31 and 32: Gateway-to-gateway configurations H
Page 33 and 34: Hub-and-spoke configurations Config
Page 43 and 44: Hub-and-spoke configurations Dynami
Page 49 and 50: Dynamic DNS configurations Configur
Page 55 and 56: FortiClient dialup-client configura
Page 57 and 58:
FortiClient dialup-client configura
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
FortiGate dialup-client configurati
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Internet-browsing configuration Con
Page 81 and 82:
Internet-browsing configuration Rou
Page 83 and 84:
Redundant VPN configurations Config
Page 85 and 86:
Redundant VPN configurations Config
Page 87 and 88:
Redundant VPN configurations Redund
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Redundant VPN configurations Partia
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Transparent mode VPNs Configuration
Page 107 and 108:
Transparent mode VPNs Configuration
Page 109 and 110:
Transparent mode VPNs Configure the
Page 111 and 112:
Manual-key configurations Configura
Page 113 and 114:
Manual-key configurations Specify t
Page 115 and 116:
IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118:
IPv6 IPSec VPNs Site-to-site IPv6 o
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Auto Key phase 1 parameters Overvie
Page 129 and 130:
Auto Key phase 1 parameters Authent
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Auto Key phase 1 parameters Definin
Page 139 and 140:
Auto Key phase 1 parameters Definin
Page 141 and 142:
Auto Key phase 1 parameters Using X
Page 143 and 144:
Phase 2 parameters Basic phase 2 se
Page 145:
Phase 2 parameters Advanced phase 2
Page 148 and 149:
Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?