FortiGate Remote Access IPsec VPN

Video Statistics and Information

Captions
Welcome to this tutorial. We are going to configure a Remote Access IPsec VPN tunnel to allow remote users access to corporate resources at HQ.

For the remote user to be authenticated over the VPN, we will create a local user account and place it in a user group. Let's also create a firewall address for the local subnet at HQ. The subnet is 10.1.1.0/24.

Now let's begin with the VPN tunnel configuration. Give it a name and specify the remote gateway as Dial-Up User. Enable Mode Config so that we can set the IP range from which IP addresses will be assigned to remote users. Leave the subnet mask for the IP range as 255.255.255.255, then enter the DNS server IP address.

Enable split tunneling. By enabling split tunneling, only specified networks will be accessible by remote users through the encrypted VPN, while all other traffic will have direct access to the internet.

Select IKE version 1 and aggressive mode. For the peer options, select Any peer ID. In Phase 1, choose the required encryption and authentication algorithms. We do not recommend the use of DES, SHA-1 or Diffie-Hellman group of five or less in a production environment.

For extended authentication type, select Auto Server. If you choose Inherit from policy, it means you will have to specify the user group in the remote access firewall policy. However, we will specify the remote users here instead. Leave the local and remote addresses for the Phase 2 selectors at any/any.

Next, we will create a firewall policy to grant remote dial-up users access to the 10.1.1.0/24 network. In the firewall policy we will not specify any user group, since that has been specified in the VPN configuration.

Finally, let's configure our FortiClient VPN and log in from our remote PC. You can download the FortiClient VPN software from Fortinet's support site. Configure the VPN on FortiClient: select IPsec VPN, give it a descriptive name, and enter the remote gateway IP and the pre-shared key. Under the VPN settings, make sure IKE version 1 is selected, aggressive mode is selected, and the options is set to Mode Config. Let the Phase 1 and 2 parameters match the ones configured on the FortiGate firewall.

Now we are set. It is time for testing. Before, let's ping one of the IP addresses at HQ. It is 10.1.1.254. Enter the username and password to connect. Connection successful. Ping is going through. The user PC has been assigned an IP address from the IP range we configured for remote users on the FortiGate.

From the FortiGate dashboard we can see that the Remote Access IPsec VPN tunnel is up. It is also showing metrics for incoming and outgoing traffic. From the FortiGate CLI, let's check the VPN details.

Congratulations, you have successfully configured a Remote Access IPsec VPN. Thanks for watching our tutorial. If you have any questions or need further assistance, please feel free to leave a comment below. Don't forget to subscribe to our channel for more helpful tutorials. See you next time.
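The narration advises against DES, SHA-1 and Diffie-Hellman group 5 or lower in Phase 1. The check below is an added example, not part of the video or of any Fortinet tooling: it scans a FortiOS CLI configuration export for exactly those three settings. The function name `audit_phase1`, the tunnel names and the sample configuration are constructed for illustration.

```python
# Constructed sample in FortiOS CLI syntax; tunnel names and values are made up.
SAMPLE_CONFIG = """\
config vpn ipsec phase1-interface
    edit "RA-weak"
        set mode aggressive
        set proposal des-sha1 aes256-sha256
        set dhgrp 5 2
    next
    edit "RA-ok"
        set mode aggressive
        set proposal aes256-sha256
        set dhgrp 14
    next
end
"""

def audit_phase1(config_text):
    """Return {tunnel name: [findings]} for every phase1-interface entry."""
    findings, depth, name = {}, 0, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            # Enter the phase1-interface table, or count a nested table inside it.
            if depth or words[1:] == ["vpn", "ipsec", "phase1-interface"]:
                depth += 1
        elif depth and words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            name = raw.split(None, 1)[1].strip().strip('"')
            findings[name] = []
        elif depth == 1 and name and words[:2] == ["set", "proposal"]:
            for prop in words[2:]:
                enc, _, auth = prop.partition("-")
                if enc == "des":
                    findings[name].append(f"proposal {prop}: DES encryption")
                if auth == "sha1":
                    findings[name].append(f"proposal {prop}: SHA-1 authentication")
        elif depth == 1 and name and words[:2] == ["set", "dhgrp"]:
            weak = sorted(int(g) for g in words[2:] if g.isdigit() and int(g) <= 5)
            if weak:
                groups = ", ".join(map(str, weak))
                findings[name].append(f"dhgrp {groups}: Diffie-Hellman group 5 or lower")
    return findings

if __name__ == "__main__":
    for tunnel, issues in audit_phase1(SAMPLE_CONFIG).items():
        print(tunnel, "->", issues or "no weak algorithms found")
```

A tunnel is flagged if any one of its offered proposals or groups is weak, since a dial-up peer may negotiate the weakest option the gateway accepts.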
Info
Channel: Verifine Academy
Views: 8,294
Keywords: FortiGate, IPsec VPN, FortiGate IPsec, FortiGate IPsec Loopback, IPsec with Loopback Interface, Site-to-Site IPsec Loopback Interface, FortiGate Site-to-Site VPN, FortiGate IPsec VPN, Site-to-Site VPN with Loopback, IPsec VPN with Loopback
Id: bI2G2CTW144
Length: 6min 37sec (397 seconds)
Published: Wed Jun 07 2023