Fortinet fortigate-100a User Manual

01-28007-0068-20041203
Fortinet Inc.
VPN
VPN configuration procedures
The 
 uses a task-based approach to provide all of the 
procedures needed to create different types of VPN configurations. The guide 
contains the following chapters:
• “Configuring IPSec VPNs” describes how to set up various IPSec VPN 
configurations.
• “Configuring PPTP VPNs” describes how to configure a PPTP tunnel between a 
FortiGate unit and a PPTP client.
• “Configuring L2TP VPNs” describes how to configure the FortiGate unit to operate 
as an L2TP network server.
• “Monitoring and Testing VPN Tunnels” outlines some general monitoring and 
testing procedures for VPNs.
General high-level procedures are presented here. For details, see the 
IPSec configuration procedures
The following configuration procedures are common to all IPSec VPNs:
1. Define the phase 1 parameters that the FortiGate unit needs to authenticate remote 
peers and establish a secure connection. See .
2. Define the phase 2 parameters that the FortiGate unit needs to create a VPN tunnel 
with a remote peer. See 
3. Define source and destination addresses for the IP packets that are to be transported 
through the VPN tunnel, and create the firewall encryption policy, which defines the 
scope of permitted services between the IP source and destination addresses. See 
Adding firewall policies for IPSec VPN tunnels
Firewall policies control all IP traffic passing between a source address and a 
destination address. A firewall encryption policy is needed to allow the transmission of 
encrypted packets, specify the permitted direction of VPN traffic, and select the VPN 
tunnel that will be subject to the policy. A single encryption policy is needed to control 
both inbound and outbound IP traffic through a VPN tunnel. 
Before you define the policy, you must first specify the IP source and destination 
addresses.
To define an IP source address
1. Go to Firewall > Address and select Create New.
Note: Perform Steps 1 and 2 of the IPSec configuration procedures to have the FortiGate unit 
generate unique IPSec encryption and authentication keys automatically. In situations where a 
remote VPN peer requires a specific IPSec encryption and/or authentication key, you must 
configure the FortiGate unit to use manual keys instead of performing Steps 1 and 2. For more 
information, see .