Contents
FortiGate-60 Administration Guide 01-28006-0002-20041105 9
Monitor............................................................................................................................ 257
Dialup monitor............................................................................................................. 258
Static IP and dynamic DNS monitor............................................................................ 258
PPTP............................................................................................................................... 259
Setting up a PPTP-based VPN ................................................................................... 259
Enabling PPTP and specifying a PPTP range ............................................................ 260
Configuring a Windows 2000 client for PPTP ............................................................. 261
Configuring a Windows XP client for PPTP ................................................................ 261
PPTP passthrough...................................................................................................... 262
L2TP .............................................................................................................................. 263
Setting up a L2TP-based VPN.................................................................................... 264
Enabling L2TP and specifying an L2TP range............................................................ 264
Configuring a Windows 2000 client for L2TP.............................................................. 265
Configuring a Windows XP client for L2TP ................................................................. 266
Certificates...................................................................................................................... 268
Viewing the certificate list............................................................................................ 269
Generating a certificate request.................................................................................. 269
Installing a signed certificate ...................................................................................... 271
Enabling VPN access for specific certificate holders ................................................. 272
CLI configuration............................................................................................................. 273
ipsec phase1............................................................................................................... 273
ipsec phase2............................................................................................................... 275
ipsec vip ...................................................................................................................... 276
Authenticating peers with preshared keys ...................................................................... 278
Gateway-to-gateway VPN............................................................................................... 278
Dialup VPN ..................................................................................................................... 279
Dynamic DNS VPN......................................................................................................... 279
Manual key IPSec VPN................................................................................................... 280
Adding firewall policies for IPSec VPN tunnels............................................................... 280
Setting the encryption policy direction ........................................................................ 280
Setting the source address for encrypted traffic ......................................................... 280
Setting the destination address for encrypted traffic................................................... 281
Adding an IPSec firewall encryption policy ................................................................. 281
Internet browsing through a VPN tunnel......................................................................... 281
Configuring Internet browsing through a VPN tunnel.................................................. 282
IPSec VPN in Transparent mode.................................................................................... 283
Special rules ............................................................................................................... 283
Hub and spoke VPNs...................................................................................................... 284
Configuring the hub..................................................................................................... 284
Configuring spokes ..................................................................................................... 286
Redundant IPSec VPNs.................................................................................................. 287
Configuring redundant IPSec VPNs............................................................................ 287
Configuring IPSec virtual IP addresses .......................................................................... 288
Troubleshooting .............................................................................................................. 290