Configuring IPsec VPN with a FortiGate and a Cisco ASA




The following recipe describes how to configure a site-to-site IPsec VPN tunnel. In this example, one site is behind a FortiGate and another site is behind a Cisco ASA. Using FortiOS 5.0 and Cisco ASDM 6.4, the example demonstrates how to configure the tunnel between each site, avoiding overlapping subnets, so that a secure tunnel can be established with the desired security profiles applied. The procedure assumes that both devices are configured with appropriate internal and external interfaces.

1. Configuring the Cisco device using the IPsec VPN Wizard
2. Configuring the FortiGate tunnel phases
3. Configuring the FortiGate policies
4. Configuring the static route in the FortiGate
5. Results

[Diagram: Site 1 and Site 2; FortiGate and LAN at one site, Cisco ASA and LAN at the other, joined by an IPsec VPN across the Internet]

Configuring the Cisco device using the IPsec VPN Wizard

In the Cisco ASDM, under the Wizard menu, select IPsec VPN Wizard. From the options that appear, select Site-to-site, with the VPN Tunnel Interface set to outside, then click Next.

In the Peer IP Address field, enter the IP address of the FortiGate unit through which the SSL VPN traffic will flow. Under Authentication Method, enter a secure Pre-Shared Key. You will use the same key when configuring the FortiGate tunnel phases. Choose something more secure than Password. When you are satisfied, click Next.

The next step in the IPsec VPN Wizard is to establish tunnel phases 1 and 2. The encryption settings established here must match the encryption settings configured later in the FortiGate.

Configure Phase 1 with AES-256 Encryption and SHA Authentication. Set the Diffie-Hellman Group to 5.

Configure Phase 2 with AES-256 Encryption and SHA Authentication. Enable PFS and set the Diffie-Hellman Group to 2. Click Next.

Set the Local Network and Remote Network. Click Next and review the configuration before you click Finish.

The tunnel configuration on the Cisco ASA is complete. Now you must configure the FortiGate with similar settings, except for the remote gateway.

Configuring the FortiGate tunnel phases

In the FortiOS GUI, navigate to VPN > IPsec > Auto Key (IKE) and select Create Phase 1. Name the tunnel, statically assign the IP Address of the remote gateway, and set the Local Interface to wan1. Select Preshared Key for Authentication Method and enter the same preshared key you chose when configuring the Cisco IPsec VPN Wizard. Configure this phase to match the encryption settings configured on the Cisco device and click OK.

Select Create Phase 2. Identify Phase 1, which you just configured, and ensure that the encryption settings match the Phase 2 encryption settings configured on the Cisco device. Optionally, under Quick Mode Selector, specify the Source address and Destination address at the endpoints of the tunnel.
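An added example, not part of the original recipe: a Python check that parses FortiGate phase 1 and phase 2 settings in FortiOS CLI form and reports any that differ from the values entered in the Cisco wizard. The sample configuration and tunnel names are constructed, and mapping the wizard's SHA to the FortiOS proposal aes256-sha1 is an assumption.

```python
import shlex

# Settings the recipe configures on the Cisco ASA, in FortiOS CLI terms.
EXPECTED = {
    "phase1-interface": {"proposal": "aes256-sha1", "dhgrp": "5"},
    "phase2-interface": {"proposal": "aes256-sha1", "pfs": "enable", "dhgrp": "2"},
}

# Constructed sample in FortiOS CLI syntax; the tunnel names are placeholders.
SAMPLE_CONFIG = """
config vpn ipsec phase1-interface
    edit "to-asa"
        set interface "wan1"
        set proposal aes256-sha1
        set dhgrp 5
    next
end
config vpn ipsec phase2-interface
    edit "to-asa-p2"
        set phase1name "to-asa"
        set proposal aes256-sha1
        set pfs enable
        set dhgrp 2
    next
end
"""

def parse_fortios(text):
    """Return {table: {entry: {option: value}}} from flat config/edit/set blocks."""
    tables, table, entry = {}, None, None
    for words in filter(None, map(shlex.split, text.splitlines())):
        if words[0] == "config":
            table = tables.setdefault(words[-1], {})
        elif words[0] == "edit" and table is not None:
            entry = table.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = " ".join(words[2:])
        elif words[0] in ("next", "end"):
            entry = None
    return tables

def find_mismatches(text, expected=EXPECTED):
    """List (table, entry, option, found, wanted) for each setting that differs."""
    problems = []
    for table, entries in parse_fortios(text).items():
        for name, opts in entries.items():
            for key, wanted in expected.get(table, {}).items():
                if opts.get(key) != wanted:
                    problems.append((table, name, key, opts.get(key), wanted))
    return problems
```

Feed it the output of show full-configuration rather than show, because show omits options left at their default values and those would be reported as missing.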

Configuring the FortiGate policies

Navigate to Policy > Policy > Policy and create firewall policies that allow inbound and outbound traffic over the tunnel.

In the first (outbound) policy, set the Incoming Interface to lan and set the Source Address to all. Set the Outgoing Interface to the tunnel interface and set the Destination Address to all. Configure the Schedule and Service as desired.

Create the second (inbound) policy to allow traffic to flow in the opposite direction, and configure the Schedule and Service as desired.

Configuring the static route in the FortiGate

Navigate to Router > Static > Static Routes and select Create New. Create a static route with the Destination IP/Mask matching the address of the Cisco local network (by default, 192.168.1.0). Under Device, select the site-to-site tunnel, and click OK.

Results

The tunnel should now be active. On the FortiGate, verify that the tunnel is up by navigating to VPN > Monitor > IPsec Monitor. The IPsec Monitor table will indicate the source and destination addresses, and the status of the tunnel (up or down) and its uptime.

For more detailed tunnel information, go to Log & Report > Event Log > VPN and view the table. Select the tunnel entry in the table to view the information in greater detail.