Article
|
Description
|
This article describes how to configure a basic dialup pre-shared key VPN between a FortiGate-300 unit running FortiOS v2.50 and a computer running FortiClient v1.0. This procedure assumes some familiarity with FortiGate and FortiClient features and web-based managers and experience configuring VPNs.
|
|
Components
|
· FortiGate Antivirus Firewalls v2.50
· FortiClient Host Security v1.0
|
|
Steps
|
Figure 1: The test network
FortiGate setup
1. Configure the VPN settings for FortiClient, Phase 1, and Phase 2 of the VPN, as shown in Figures 2 and 3.
Figure 2: Phase 1 configuration
Figure 3: Phase 2 configuration
2. After Phase 1 and Phase 2 are created, create the Encrypt policy for the dialup user to connect. Figure 4 shows an example policy.
Figure 4: Example Encrypt policy
FortiClient setup
1. Open Forticlient console.
2. Go to VPN and select Add.
3. Define a connection name, remote gateway, and remote internal network.
4. Chose an authentication method: For this example we will use PreShared Key.
5. Define the same PreShared key as in the Fortigate-300.
6. Select Advanced.
7. Configure phase 1 (IKE) and phase 2 (IPSec) parameters and select OK.
Figure 5: FortiClient configuration
8. Go back to the Main VPN screen and select Test to diagnose the connection, or Connect to initiate the tunnel.
9. When Connect is chosen, you will see the IKE negotiation process, as shown in Figure 6.
Figure 6: IKE negotiation
10. Traffic will now be able to connect from the external “Dialup User” to the Internal network of the FortiGate-300.
|
