Katana Client to Fortinet VPN Gateway

Goal

Configure a VPN tunnel between a Katana client and a Fortinet VPN gateway.

Method

The Katana client and the Fortinet VPN gateway must have consistent IKE/IPsec settings in order to establish a VPN tunnel.

Fortinet gateway configuration

The Fortinet VPN gateway (Fortigate-50A) and firewall has one internal (trusted) and one external (untrusted) interface. The external interface must be assigned a public IP address, and the internal interface must be assigned a subnet. In this example, we use 101.101.101.77 for the external interface and 192.168.77.1/255.255.255.0 for the internal interface.

Katana client configuration

In this example, the Katana client has an IP address of 101.101.101.2 and is not behind a NAT. However, it is possible that the client may have a non-routable IP address and be located behind a NAT router. The connection to the Fortinet VPN gateway will work in either case.

www.trlokom.com - 2004 Trlokom, Inc.

Fortinet gateway IKE Tunnel configuration

IKE configuration on Fortinet devices is tied to the gateway. When you select VPN IPSEC and click on the Phase 1 tab, a list of all the remote gateways is displayed. While the road warrior (Dialup user) is not a remote gateway, an entry must be created here. Click the New button to create an entry for Road warrior.

Figure 1: IKE Phase 1 proposals.

Remote Gateway: Dialup User
Mode: Aggressive
DH Group: 2
Keylife: Key lifetime (28800 seconds)
Pre-shared Key: Secret for dialup user authentication ("abcdabcd" in this example)
Local ID: ID of the Fortinet gateway ("fortinet" in this example)
Public IP address: The current IP address of the client (101.101.101.2 in this example)

Turn on the Enable NAT-Traversal option from the Advanced Options.

Next, click on the Phase 2 tab and add a new tunnel for the dialup user.

Figure 2: IKE Phase 2 (IPsec) proposal.

Remote Gateway: Gateway for dialup user ("Roadwarrior" in this example)
P2 Proposal: 3DES-SHA1 and 3DES-MD5
Enable PFS: Yes
DH Group: 2
Keylife: 28800 seconds
Concentrator: None
Quick mode identifiers: Use wildcard selectors

Fortinet gateway policy configuration

The VPN gateways and tunnel must be associated with a security policy. Start the Fortinet device management GUI and select the Firewall category in the left column. Click on Edit in the From External To Internal zone.

Figure 3: Dynamic gateway for remote access VPN.

Create a policy for incoming traffic from External_All (0.0.0.0/0) to the LAN (192.168.77.0/24 in this example) or to Internal_All and set the Action to ENCRYPT. Assign a name to the VPN tunnel.

Katana client tunnel configuration

The Role must be set to Stand-alone client, and the VPN button in the toolbar must show a lock that is closed and green. Multiple VPN tunnels can be defined, and each one can be activated or deactivated independently. In the Configuration window, click the Add button to the right of the list of tunnels. This opens the dialog box to define tunnel parameters.

Figure 4: Katana control panel and configuration window.

Enter the local (Katana side) and remote (Fortinet side) configuration. If the client subnet mask is set to 32 (255.255.255.255), the IP address and client ID will be automatically set to the client's address. At the bottom left, the ID type must be set to FQDN and the mode set to Aggressive mode. In addition, NAT Traversal must be enabled.

For the Local configuration, enter:

Client ID: ID to be used by the client ("Roadwarrior" in this example)
Subnet: 0.0.0.0 / 0 (required)
Public IP address: The current IP address of the client (101.101.101.2 in this example)

For the Remote configuration, enter:

Remote ID: Public IP address of the Fortinet gateway (101.101.101.77 in this example)
Subnet: 192.168.77.0 / 24
Public IP address: Public IP address of the Fortinet gateway (101.101.101.77 in this example)

Figure 5: Tunnel definition.

Katana client IKE / IPsec configuration

To configure the IKE and IPsec parameters to match those on the gateway, click the Edit proposals button in the "Define tunnel" window. This will open the Edit proposals window where the IKE and IPsec parameters are specified.

The IKE (ISAKMP) settings must be Tunnel mode using Aggressive mode, and NAT Traversal must be disabled. There are four proposals in this example, but more importantly, there is one proposal that will be accepted by the Fortinet gateway, i.e., 3DES-MD5. The lifetime is set to 2 hours. To add more proposals, click the Add ISAKMP proposal button.

There are four IPsec proposals in this example, but more importantly, there is one proposal that will be accepted by the Fortinet gateway, i.e., 3DES-MD5. Perfect forward secrecy is enabled using MODP 1024 (the second Diffie-Hellman group). The lifetime is set to 2 hours. To add more proposals, click the Add IPsec proposal button.

To change a proposal in either list, double-click on it. To re-arrange proposals in either list, select one, hold down the Ctrl key, and press the up or down arrow keys.

Figure 6: IKE (ISAKMP) and IPsec proposals.
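The proposal matching described above, as an added example that is not part of the original guide or either product: it checks which client IPsec offer the gateway's Phase 2 list accepts and flags settings in that offer that current guidance deprecates. The first three client offers are constructed (the guide names only 3DES-MD5), and first-match selection on cipher, hash and DH group is a simplifying assumption about the negotiation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    encryption: str
    integrity: str
    dh_group: int      # Phase 2: the PFS group
    lifetime_s: int

# Gateway Phase 2 settings as listed in this guide.
GATEWAY_P2 = [Proposal("3DES", "SHA1", 2, 28800),
              Proposal("3DES", "MD5", 2, 28800)]

# Client offer list, in order. Only the last entry is from the guide
# (3DES-MD5, MODP 1024, 2 hours); the first three are constructed.
CLIENT_P2 = [Proposal("AES256", "SHA1", 5, 7200),
             Proposal("AES128", "SHA1", 5, 7200),
             Proposal("3DES", "SHA1", 5, 7200),
             Proposal("3DES", "MD5", 2, 7200)]

def negotiate(offers, accepted):
    """Return (offer index, offer, matching gateway entry) for the first
    offer whose cipher, hash and DH group the gateway accepts, else None."""
    for i, o in enumerate(offers):
        for a in accepted:
            if (o.encryption, o.integrity, o.dh_group) == \
               (a.encryption, a.integrity, a.dh_group):
                return i, o, a
    return None

def audit(p, mode="aggressive", auth="psk"):
    """List settings in the chosen proposal that current guidance deprecates."""
    findings = []
    if p.encryption == "3DES":
        findings.append("3DES: 64-bit block cipher")
    if p.integrity == "MD5":
        findings.append("MD5: deprecated hash")
    if p.dh_group in (1, 2):
        findings.append("DH group %d: MODP of 1024 bits or less" % p.dh_group)
    if mode == "aggressive" and auth == "psk":
        findings.append("aggressive mode + PSK: allows offline PSK guessing")
    return findings

if __name__ == "__main__":
    idx, offer, gw = negotiate(CLIENT_P2, GATEWAY_P2)
    print("accepted offer #%d: %s-%s" % (idx + 1, offer.encryption, offer.integrity))
    print("lifetime client/gateway: %d s / %d s" % (offer.lifetime_s, gw.lifetime_s))
    for f in audit(offer):
        print("audit:", f)
```

The lifetimes are printed side by side because the guide sets 28800 seconds on the gateway and 2 hours on the client; how a given implementation handles that difference is not modelled here.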

Conclusion

After the VPN tunnel is defined, Katana will automatically attempt to establish it. A green checkmark will appear next to the tunnel if it is established successfully. If a tunnel cannot be established, no icon will be displayed. If the tunnel has been disabled, a red cross will be displayed.

To disconnect a tunnel, select it and click the Disconnect button to the right of the list of tunnels. Since VPN tunnels are created on demand, the tunnel may be re-established automatically. To disable a tunnel, turn off the Tunnel is enabled option at the top of the "Define tunnel" window. To completely disconnect from the VPN, click the VPN button in the toolbar. The lock will open and turn red.

Figure 7: A green checkmark indicates that the tunnel is established.

After establishing a VPN tunnel between the Katana client and the Fortinet gateway, the details of the security association (SA) can be viewed by clicking the Security associations button in the Configuration window. To delete an SA, select it in the Security Associations window and press the Delete button on the keyboard.

Figure 8: List of existing security associations.