Created on 11-16-2004 12:00 AM Edited on 12-16-2021 08:50 AM
Description
Configuration steps for creating a VPN between a FortiGate unit and a Draytek device
Components
All units, version 2.5
Steps or Commands
DRAYTEK configuration
Model Vigor2600 Annex A, firmware version: v2.5_UK
- Main mode only (cannot be configured)
- DH2 only (cannot be configured)
- MD5 hash function only (cannot be configured)
- Phase 2 key life is 3600 sec by default (cannot be configured)
- Not NAT traversal compliant
- Not DPD compliant
FortiGate-60 MR7 build 212 configuration:
set system interface wan2 mode static ip 80.176.126.251 255.255.255.248

set system route number 0 dst 80.176.169.213 255.255.255.255 gw1 80.176.126.249 dev1 wan2
set system route number 1 dst 172.17.0.0 255.255.0.0 gw1 80.176.126.249 dev1 wan2
set system route number 3 dst 0.0.0.0 0.0.0.0 gw1 80.176.116.33 dev1 wan1 gw2 80.176.126.249 dev2 wan2

set firewall address wan2 Homecall subnet 172.17.0.0 255.255.0.0
set firewall address internal local-private-lan subnet 172.16.0.0 255.255.0.0

# set vpn ipsec phase1
set vpn ipsec phase1 Homecall type static gw 80.176.169.213 proposal 3des-md5 keylife 28800 dhgrp 2 authmethod PSK 'xxxxxxx' keepalive 5 dpd disable peertype any xauthtype disable

# set vpn ipsec phase2
set vpn ipsec phase2 Homecall phase1name Homecall proposal 3des-md5 keylifeseconds 3600 dhgrp 1 replay enable concentrator none
set vpn ipsec phase2 Homecall bindtoif wan2

# set firewall policy
set firewall policy srcintf internal dstintf wan2 policyid 3 srcaddr local-private-lan dstaddr Homecall schedule Always service ANY action encrypt vpntunnel Homecall inbound allow outbound allow
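The Draytek settings listed above are fixed, so the FortiGate side has to match them exactly. The following Python check is an added example, not part of the original article or any Fortinet tool: it reads the old-style `set vpn ipsec phase1/phase2` lines shown above and reports keywords that conflict with the Draytek's fixed values. It assumes each keyword is followed by a single value and applies "DH2 only" to phase 1; the `BAD_CONFIG` sample is constructed.

```python
import shlex

# Fixed Draytek settings from the list above, as (phase, FortiGate keyword) -> test.
# Assumption: "DH2 only" is applied to phase 1 (the page's phase 2 uses dhgrp 1).
PEER_FIXED = {
    ("phase1", "proposal"): lambda v: v.endswith("-md5"),
    ("phase1", "dhgrp"): lambda v: v == "2",
    ("phase1", "dpd"): lambda v: v == "disable",
    ("phase2", "proposal"): lambda v: v.endswith("-md5"),
    ("phase2", "keylifeseconds"): lambda v: v == "3600",
}

def parse(line):
    """Return (phase, tunnel, tokens) for 'set vpn ipsec phaseN NAME ...', else None."""
    tok = shlex.split(line, comments=True)  # drops '# ...' comment lines
    if len(tok) < 5 or tok[:3] != ["set", "vpn", "ipsec"]:
        return None
    if tok[3] not in ("phase1", "phase2"):
        return None
    return tok[3], tok[4], tok[5:]

def check(config_text):
    """Return [(phase, tunnel, keyword, value)] for settings the peer cannot match."""
    seen = {}  # (phase, tunnel) -> {keyword: value}, merged over several set lines
    for line in config_text.splitlines():
        parsed = parse(line)
        if parsed:
            phase, name, tok = parsed
            entry = seen.setdefault((phase, name), {})
            for p, key in PEER_FIXED:
                if p == phase and key in tok[:-1]:
                    entry[key] = tok[tok.index(key) + 1]
    # A keyword that never appears is reported with value None (device default unknown).
    return [(phase, name, key, entry.get(key))
            for (phase, name), entry in seen.items()
            for (p, key), ok in PEER_FIXED.items()
            if p == phase and not ok(entry.get(key, ""))]

# The phase 1 / phase 2 commands from this article.
PAGE_CONFIG = """
set vpn ipsec phase1 Homecall type static gw 80.176.169.213 proposal 3des-md5 keylife 28800 dhgrp 2 authmethod PSK 'xxxxxxx' keepalive 5 dpd disable peertype any xauthtype disable
set vpn ipsec phase2 Homecall phase1name Homecall proposal 3des-md5 keylifeseconds 3600 dhgrp 1 replay enable concentrator none
set vpn ipsec phase2 Homecall bindtoif wan2
"""
# Constructed variant with three settings the Draytek cannot negotiate.
BAD_CONFIG = (PAGE_CONFIG.replace("dpd disable", "dpd enable")
              .replace("proposal 3des-md5 keylifeseconds 3600", "proposal 3des-sha1 keylifeseconds 1800"))

if __name__ == "__main__":
    for problem in check(BAD_CONFIG):
        print("mismatch:", problem)
```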
Network diagram

172.16.0.0/16       .30 int *********** wan2 .251  80.176.126.248/28  .249 **********
----------------------------* FGT-60  *------------------------------------* router *-->
                            ***********                                    **********

172.17.0.0/16            .5 *********** 80.176.169.213
----------------------------* DRAYTEK *----------> DSL
                            ***********