
Fortinet FortiGate-800 Technical Note

FortiGate to Cisco VPN 3000 Concentrator Interoperability

FortiGate to Cisco VPN 3000 Concentrator Interoperability Technical Note
Document Version: Version 1
Publication Date: 28 March 2005
Description: This technical note demonstrates how to set up an IPSec VPN tunnel between a FortiGate-800 Antivirus Firewall and a Cisco Systems VPN 3000 Concentrator. In the configuration example, the two VPN peers use preshared keys to authenticate each other.
Product: FortiGate v2.80 MR7; VPN 3000 Concentrator Version 4.1.9.A
Document Number: 01-28007-0180-20050328
Fortinet Inc.


Summary of Contents for Fortinet FortiGate-800

  • Page 1 Description: This technical note demonstrates how to set up an IPSec VPN tunnel between a FortiGate-800 Antivirus Firewall and a Cisco Systems VPN 3000 Concentrator. In the configuration example, the two VPN peers use preshared keys to authenticate each other.
  • Page 2 No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet Inc. FortiGate to Cisco VPN 3000 Concentrator Interoperability Technical Note FortiGate v2.80 MR7...
  • Page 3: Table Of Contents

    Contents: Network topology (page 5); Infrastructure requirements (page 6); Configuring the FortiGate-800 (page 6); Define the phase 1 parameters (page 6); Define the phase 2 parameters (page 7); Define the firewall encryption policy (page 8); Configuring the VPN 3000 Concentrator (page 9); Monitoring and testing the VPN tunnel
  • Page 5: Network Topology

    Computers on private Network_2 behind the VPN 3000 Concentrator can access private Network_1 through the FortiGate-800 unit. All traffic generated by computers on Network_2 is subject to a FortiGate firewall encryption policy. Figure 1: FortiGate-800 to VPN 3000 Concentrator IPSec VPN example...
  • Page 6: Infrastructure Requirements

    VPN 3000 Concentrator and establish a secure connection. For the purposes of this example, a preshared key will be used to authenticate the VPN 3000 Concentrator. The same preshared key must be specified at the FortiGate-800 and the VPN 3000 Concentrator.
  • Page 7: Define The Phase 2 Parameters

    The key must contain at least 6 printable characters and should only be known by network administrators. For optimum protection against currently known attacks, the key should consist of a minimum of 16 randomly chosen alphanumeric characters. To define the phase 1 parameters: Go to VPN >...
  • Page 8: Define The Firewall Encryption Policy

    Select Create New, enter the following information, and select OK: Address Name: Enter an address name (for example, Network_2). IP Range/Subnet: Enter the IP address of the private network behind the VPN 3000 Concentrator (for example, 10.180.2.0/24).
  • Page 9: Configuring The Vpn 3000 Concentrator

    To define the firewall encryption policy: Go to Firewall > Policy. Select Create New, enter the following information, and select OK: Interface/Zone Source Select the interface to the internal (private) network. For example, port1. Destination Select the interface to the external (public) network.
  • Page 10 Enter the following information, and select Apply: Enable: Select the option. Name: Type a name for the LAN-to-LAN connection (for example, FortiGate-800). Interface: Ethernet 2 (Public) (192.168.4.2). Connection Type: Bi-directional. Peers: Type the IP address of the FortiGate interface to the external (public) network (for example, 192.168.100.99).
  • Page 11: Monitoring And Testing The Vpn Tunnel

    The FortiGate unit provides a number of tools for viewing and testing IPSec VPN tunnels: • You can display the IPSec VPN tunnel list to view the status of all IPSec VPN tunnels.