Vpn configuration procedures, Ipsec configuration procedures, Adding firewall policies for ipsec vpn tunnels – Fortinet 100A User Manual

Page 266

Advertising
background image

266

01-28007-0068-20041203

Fortinet Inc.

IPSec configuration procedures

VPN

VPN configuration procedures

The

FortiGate VPN Guide

uses a task-based approach to provide all of the

procedures needed to create different types of VPN configurations. The guide
contains the following chapters:

• “Configuring IPSec VPNs” describes how to set up various IPSec VPN

configurations.

• “Configuring PPTP VPNs” describes how to configure a PPTP tunnel between a

FortiGate unit and a PPTP client.

• “Configuring L2TP VPNs” describes how to configure the FortiGate unit to operate

as an L2TP network server.

• “Monitoring and Testing VPN Tunnels” outlines some general monitoring and

testing procedures for VPNs.

General high-level procedures are presented here. For details, see the

FortiGate VPN

Guide

.

IPSec configuration procedures

The following configuration procedures are common to all IPSec VPNs:

1

Define the phase 1 parameters that the FortiGate unit needs to authenticate remote
peers and establish a secure a connection. See

“Phase 1” on page 246

.

2

Define the phase 2 parameters that the FortiGate unit needs to create a VPN tunnel
with a remote peer. See

“Phase 2” on page 250

.

3

Define source and destination addresses for the IP packets that are to be transported
through the VPN tunnel, and create the firewall encryption policy, which defines the
scope of permitted services between the IP source and destination addresses. See

“Adding firewall policies for IPSec VPN tunnels” on page 266

.

Adding firewall policies for IPSec VPN tunnels

Firewall policies control all IP traffic passing between a source address and a
destination address. A firewall encryption policy is needed to allow the transmission of
encrypted packets, specify the permitted direction of VPN traffic, and select the VPN
tunnel that will be subject to the policy. A single encryption policy is needed to control
both inbound and outbound IP traffic through a VPN tunnel.

Before you define the policy, you must first specify the IP source and destination
addresses.

To define an IP source address

1

Go to Firewall > Address and select Create New.

Note: Perform Steps 1 and 2 to have the FortiGate unit generate unique IPSec encryption and
authentication keys automatically. In situations where a remote VPN peer requires a specific
IPSec encryption and/or authentication key, you must configure the FortiGate unit to use
manual keys instead of performing Steps 1 and 2. For more information, see

“Manual key” on

page 253

.

Advertising
Popular Brands
Popular manuals