FortiGate-800 Installation and Configuration Guide Version 2.50

IPSec VPN

A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks such as the Internet. For example, a company that has two offices in different cities, each with its own private network, can use a VPN to create a secure tunnel between the offices. Similarly, a teleworker can use a VPN client for remote access to a private office network. In both cases, the secure connection appears to the user as a private network communication, even though the communication is over a public network.

Secure VPN connections are enabled by a combination of tunneling, data encryption, and authentication. Tunneling encapsulates data so that it can be transferred over the public network. Instead of being sent in its original format, the data frames are encapsulated within an additional header and then routed between tunnel endpoints. Upon arrival at the destination endpoint, the data is decapsulated and forwarded to its destination within the private network.

Encryption changes a data stream from clear text (something that a human or a program can interpret) to cipher text (something that cannot be interpreted). The information is encrypted and decrypted using mathematical algorithms known as keys.

Authentication provides a means to verify the origin of a packet and the integrity of its contents. Authentication is done using checksums calculated with keyed hash function algorithms.

This chapter provides an overview about how to configure FortiGate IPSec VPN. For a complete description of FortiGate VPN, see the FortiGate VPN Guide.

Key management

Manual key IPSec VPNs

AutoIKE IPSec VPNs

Managing digital certificates

Configuring encrypt policies

IPSec VPN concentrators

Redundant IPSec VPNs

Monitoring and Troubleshooting VPNs

FortiGate-800 Installation and Configuration Guide

231

Page 231
Image 231
Fortinet FortiGate-800 manual IPSec VPN, 231