Created on 11-02-2004 12:00 AM Edited on 09-20-2023 06:40 AM By Anthony_E
Article
Description
|
This article describes how to configure a basic dialup pre-shared key VPN between a FortiGate-300 unit running FortiOS v2.50 and a computer running FortiClient v1.0. This procedure assumes some familiarity with FortiGate and FortiClient features and web-based managers and experience configuring VPNs.
|
Components
|
· FortiGate Antivirus Firewalls v2.50
· FortiClient Host Security v1.0
|
Steps
|
Figure 1: The test network
FortiGate setup
1. Configure the VPN settings for FortiClient, Phase 1, and Phase 2 of the VPN, as shown in Figures 2 and 3.
Figure 2: Phase 1 configuration Figure 3: Phase 2 configuration
2. 2. After Phase 1 and Phase 2 are created, create the Encrypt policy for the dialup user to connect. Figure 4 shows an example policy.
Figure 4: Example Encrypt policy
FortiClient setup
1. Open Forticlient console.
2. Go to VPN and select Add.
3. Define a connection name, remote gateway, and remote internal network.
4. Chose an authentication method: For this example we will use PreShared Key.
5. Define the same PreShared key as in the Fortigate-300.
6. Select Advanced.
7. Configure phase 1 (IKE) and phase 2 (IPSec) parameters and select OK.
Figure 5: FortiClient configuration
8. Go back to the Main VPN screen and select Test to diagnose the connection, or Connect to initiate the tunnel.
9. When Connect is chosen, you will see the IKE negotiation process, as shown in Figure 6.
Figure 6: IKE negotiation
10. Traffic will now be able to connect from the external “Dialup User” to the Internal network of the FortiGate-300.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.