FortiGate to Cisco VPN 3000 Concentrator Interoperability
Define the firewall encryption policy
Remote Gateway: Select the gateway that you defined previously (for example, Cisco3005).
Advanced: Select these Advanced options:
• Clear Enable replay detection. VPN 3000 Concentrators do not support replay detection, so this option must not be enabled.
• Set DH Group to 2. The corresponding VPN 3000 Concentrator setting must be identical to this FortiGate setting.
• Set Autokey Keep Alive to Enable.

3. Make a note of the Advanced authentication, encryption, and DH Group settings to compare to corresponding VPN 3000 Concentrator settings.
4. Select OK.

Firewall policies control all IP traffic passing between a source address and a destination address. A firewall encryption policy is needed to allow the transmission of encrypted packets, specify the permitted direction of VPN traffic, and select the VPN tunnel that will be subject to the policy. A single encryption policy is needed to control both inbound and outbound IP traffic through a VPN tunnel.

Before you define the policy, you must first specify the IP source and destination addresses. In a gateway-to-gateway configuration:
• The source IP address corresponds to the private network behind the FortiGate unit.
• The destination IP address refers to the private network behind the VPN 3000 Concentrator.

To define the IP source address of the network behind the FortiGate unit
1. Go to Firewall > Address.
2. Select Create New, enter the following information, and select OK:
Address Name: Enter an address name (for example, Network_1).
IP Range/Subnet: Enter the IP address of the private network behind the FortiGate unit (for example, 172.11.12.0/24).

To specify the destination address of IP packets delivered to the VPN 3000 Concentrator
1. Go to Firewall > Address.
2. Select Create New, enter the following information, and select OK:
Address Name: Enter an address name (for example, Network_2).
IP Range/Subnet: Enter the IP address of the private network behind the VPN 3000 Concentrator (for example, 10.180.2.0/24).
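The comparison of noted settings and the two address definitions above can be checked before the tunnel is brought up. The following is an added example, not part of the Fortinet manual: the dictionary keys, the function names, and the authentication and encryption values are constructed, and it assumes the Concentrator describes the same two networks with the local and remote roles reversed.

```python
import ipaddress

COMPARED = ("authentication", "encryption", "dh_group")  # settings the page says to note

def _net(label, value, problems):
    """Parse a subnet; record syntax or host-bit errors instead of raising."""
    try:
        return ipaddress.ip_network(value)
    except ValueError as exc:
        problems.append(f"{label}: {exc}")
        return None

def check_tunnel(fortigate, concentrator):
    """Return a list of problems found in the two gateways' noted settings."""
    problems = []
    for key in COMPARED:
        if fortigate[key] != concentrator[key]:
            problems.append(f"{key}: FortiGate={fortigate[key]!r}, "
                            f"Concentrator={concentrator[key]!r}")
    # The page requires Enable replay detection to be cleared on the FortiGate.
    if fortigate["replay_detection"]:
        problems.append("replay_detection: must be cleared on the FortiGate unit")
    src = _net("FortiGate source", fortigate["source"], problems)
    dst = _net("FortiGate destination", fortigate["destination"], problems)
    local = _net("Concentrator local", concentrator["local"], problems)
    remote = _net("Concentrator remote", concentrator["remote"], problems)
    if src is not None and dst is not None and src.overlaps(dst):
        problems.append(f"source {src} overlaps destination {dst}")
    # Assumption: the Concentrator lists the same networks with roles reversed.
    if dst is not None and local is not None and local != dst:
        problems.append(f"Concentrator local {local} != FortiGate destination {dst}")
    if src is not None and remote is not None and remote != src:
        problems.append(f"Concentrator remote {remote} != FortiGate source {src}")
    return problems

# Constructed sample: subnets and DH group come from the page's examples;
# the authentication and encryption values are placeholders.
FORTIGATE = {"authentication": "SHA1", "encryption": "3DES", "dh_group": 2,
             "replay_detection": False,
             "source": "172.11.12.0/24", "destination": "10.180.2.0/24"}
CONCENTRATOR = {"authentication": "SHA1", "encryption": "3DES", "dh_group": 2,
                "local": "10.180.2.0/24", "remote": "172.11.12.0/24"}

if __name__ == "__main__":
    for line in check_tunnel(FORTIGATE, CONCENTRATOR) or ["settings agree"]:
        print(line)
```

An address entered with host bits set (for example 172.11.12.1/24) is reported as a problem rather than silently normalised, since such a typo would make the two sides describe different networks.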
01-28007-0180-20050328
Fortinet Inc.