Contents
10 Fortinet Inc.
IPSec VPN
  Key management
    Manual Keys
    Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates
  Manual key IPSec VPNs
    General configuration steps for a manual key VPN
    Adding a manual key VPN tunnel
  AutoIKE IPSec VPNs
    General configuration steps for an AutoIKE VPN
    Adding a phase 1 configuration for an AutoIKE VPN
    Adding a phase 2 configuration for an AutoIKE VPN
  Managing digital certificates
    Obtaining a signed local certificate
    Obtaining a CA certificate
  Configuring encrypt policies
    Adding a source address
    Adding a destination address
    Adding an encrypt policy
  IPSec VPN concentrators
    VPN concentrator (hub) general configuration steps
    Adding a VPN concentrator
    VPN spoke general configuration steps
  Redundant IPSec VPNs
    Configuring redundant IPSec VPN
  Monitoring and Troubleshooting VPNs
    Viewing VPN tunnel status
    Viewing dialup VPN connection status
    Testing a VPN
PPTP and L2TP VPN
  Configuring PPTP
    Configuring the FortiGate unit as a PPTP gateway
    Configuring a Windows 98 client for PPTP
    Configuring a Windows 2000 client for PPTP
    Configuring a Windows XP client for PPTP
  Configuring L2TP
    Configuring the FortiGate unit as a L2TP gateway
    Configuring a Windows 2000 client for L2TP
    Configuring a Windows XP client for L2TP