Contents

IPSec VPN

209

Key management

210

Manual Keys

210

Automatic Internet Key Exchange (AutoIKE) with pre-shared keys or certificates

210

Manual key IPSec VPNs

211

General configuration steps for a manual key VPN

211

Adding a manual key VPN tunnel

211

AutoIKE IPSec VPNs

213

General configuration steps for an AutoIKE VPN

213

Adding a phase 1 configuration for an AutoIKE VPN

213

Adding a phase 2 configuration for an AutoIKE VPN

217

Managing digital certificates

219

Obtaining a signed local certificate

219

Obtaining a CA certificate

223

Configuring encrypt policies

224

Adding a source address

225

Adding a destination address

225

Adding an encrypt policy

225

IPSec VPN concentrators

227

VPN concentrator (hub) general configuration steps

227

Adding a VPN concentrator

229

VPN spoke general configuration steps

230

Redundant IPSec VPNs

231

Configuring redundant IPSec VPN

231

Monitoring and Troubleshooting VPNs

233

Viewing VPN tunnel status

233

Viewing dialup VPN connection status

233

Testing a VPN

234

PPTP and L2TP VPN

235

Configuring PPTP

235

Configuring the FortiGate unit as a PPTP gateway

236

Configuring a Windows 98 client for PPTP

238

Configuring a Windows 2000 client for PPTP

239

Configuring a Windows XP client for PPTP

240

Configuring L2TP

241

Configuring the FortiGate unit as a L2TP gateway

242

Configuring a Windows 2000 client for L2TP

245

Configuring a Windows XP client for L2TP

246

10

Fortinet Inc.

Page 10
Image 10
Fortinet 400 manual IPSec VPN 209