FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Redundant route-based VPN configuration example Redundant VPN configurations Service Action Any ACCEPT 7 Select Create New, enter the following information, and select OK: Source Interface/Zone Source Address Name Destination Interface/Zone Destination Address Name Schedule Service Action Site_1_C All Internal All Always Any ACCEPT 8 Select Create New, enter the following information, and select OK: Source Interface/Zone Source Address Name Destination Interface/Zone Destination Address Name Schedule Service Action Internal All Site_1_D All Always Any ACCEPT 9 Select Create New, enter the following information, and select OK: Source Interface/Zone Source Address Name Destination Interface/Zone Destination Address Name Schedule Service Action Site_1_D All Internal All Always Any ACCEPT Configuring FortiGate_2 The configuration for FortiGate_2 is very similar that of FortiGate_1. You must • configure the interfaces involved in the VPN • define the phase 1 configuration for each of the four possible paths, creating a virtual IPSec interface for each one • define the phase 2 configuration for each of the four possible paths • configure routes for the four IPSec interfaces, assigning the appropriate priorities • configure incoming and outgoing firewall policies between the internal interface and each of the virtual IPSec interfaces To configure the network interfaces 1 Go to System > Network > Interface. 2 Select the Edit icon for the Internal interface, enter the following information and then select OK: FortiGate IPSec VPN Version 3.0 User Guide 92 01-30005-0065-20070716
Redundant VPN configurations Redundant route-based VPN configuration example Addressing mode Manual IP/Netmask 192.168.22.0/255.255.255.0 3 Select the Edit icon for the WAN1 interface, enter the following information and then select OK: Addressing mode Manual IP/Netmask 10.10.20.2/255.255.255.0 4 Select the Edit icon for the WAN2 interface, enter the following information and then select OK: Addressing mode Manual IP/Netmask 172.16.30.2/255.255.255.0 To configure the IPSec interfaces (phase 1 configurations) 1 Go to VPN > IPSEC > Auto Key. 2 Select Create Phase 1, enter the following information, and select OK: Name Site_2_A Remote Gateway Static IP Address IP Address 10.10.10.2 Local Interface WAN1 Mode Main Authentication Method Preshared Key Pre-shared Key Enter the preshared key. Peer Options Accept any peer ID Advanced Enable IPSec Interface Mode Select Dead Peer Detection Select 3 Select Create Phase 1, enter the following information, and select OK: Name Site_2_B Remote Gateway Static IP Address IP Address 172.16.20.2 Local Interface WAN1 Mode Main Authentication Method Preshared Key Pre-shared Key Enter the preshared key. Peer Options Accept any peer ID Advanced Enable IPSec Interface Mode Select Dead Peer Detection Select 4 Select Create Phase 1, enter the following information, and select OK: FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 93
Page 1 and 2:
USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4:
Contents Contents Introduction ....
Page 5 and 6:
Contents Adding XAuth authenticatio
Page 7 and 8:
Contents Defining IKE negotiation p
Page 9 and 10:
Introduction About FortiGate IPSec
Page 11 and 12:
Introduction About this document
Page 13 and 14:
Introduction Fortinet documentation
Page 15 and 16:
Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18:
Configuring IPSec VPNs General prep
Page 19 and 20:
Gateway-to-gateway configurations C
Page 21 and 22:
Gateway-to-gateway configurations G
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Gateway-to-gateway configurations H
Page 31 and 32:
Gateway-to-gateway configurations H
Page 33 and 34:
Hub-and-spoke configurations Config
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42: Hub-and-spoke configurations Config
Page 43 and 44: Hub-and-spoke configurations Dynami
Page 49 and 50: Dynamic DNS configurations Configur
Page 55 and 56: FortiClient dialup-client configura
Page 71 and 72: FortiGate dialup-client configurati
Page 79 and 80: Internet-browsing configuration Con
Page 81 and 82: Internet-browsing configuration Rou
Page 83 and 84: Redundant VPN configurations Config
Page 85 and 86: Redundant VPN configurations Config
Page 87 and 88: Redundant VPN configurations Redund
Page 91: Redundant VPN configurations Redund
Page 99 and 100: Redundant VPN configurations Partia
Page 105 and 106: Transparent mode VPNs Configuration
Page 107 and 108: Transparent mode VPNs Configuration
Page 109 and 110: Transparent mode VPNs Configure the
Page 111 and 112: Manual-key configurations Configura
Page 113 and 114: Manual-key configurations Specify t
Page 115 and 116: IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118: IPv6 IPSec VPNs Site-to-site IPv6 o
Page 127 and 128: Auto Key phase 1 parameters Overvie
Page 129 and 130: Auto Key phase 1 parameters Authent
Page 137 and 138: Auto Key phase 1 parameters Definin
Page 139 and 140: Auto Key phase 1 parameters Definin
Page 141 and 142: Auto Key phase 1 parameters Using X
Page 143 and 144:
Phase 2 parameters Basic phase 2 se
Page 145:
Phase 2 parameters Advanced phase 2
Page 148 and 149:
Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?