IPSec VPN
A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks such as the Internet. For example, a company that has two offices in different cities, each with its own private network, can use a VPN to create a secure tunnel between the offices. Similarly, a teleworker can use a VPN client for remote access to a private office network. In both cases, the secure connection appears to the user as a private network communication, even though the communication is over a public network.
Secure VPN connections are enabled by a combination of tunneling, data encryption, and authentication. Tunneling encapsulates data so that it can be transferred over the public network. Instead of being sent in its original format, the data frames are encapsulated within an additional header and then routed between tunnel endpoints. Upon arrival at the destination endpoint, the data is decapsulated and forwarded to its destination within the private network.
Encryption changes a data stream from clear text (something that a human or a program can interpret) to cipher text (something that cannot be interpreted). The information is encrypted and decrypted using mathematical algorithms known as keys.
Authentication provides a means to verify the origin of a packet and the integrity of its contents. Authentication is done using checksums calculated with keyed hash function algorithms.
This chapter provides an overview about how to configure FortiGate IPSec VPN. For a complete description of FortiGate VPN, see the FortiGate VPN Guide.
•Key management
•Manual key IPSec VPNs
•AutoIKE IPSec VPNs
•Managing digital certificates
•Configuring encrypt policies
•IPSec VPN concentrators
•Redundant IPSec VPNs
•Monitoring and Troubleshooting VPNs
231 |