Thursday, December 24, 2009

Fortigate -- Setup auto initiate the VPN connection by Fortigate Dialup unit

As my posted before, we replaced the firewall on Shanghai office to Fortigate 60B and it used two dynamic PPPoE DSL for internet and VPN connection. Everything works smoothly but we found that the VPN tunnel can't create automatically and needs traffic triggered by dialup side to create the VPN tunnel. The tunnel can't be created by dialup server. It means that if users behind of dialup server and need to access to the resource behind of dialup client but VPN tunnel is not created, the access will fail. It is annoying.
To solve this issue, we need to enable auto-negotiate on Fortigate dialup client side through CLI mode.
Please refer the example configuration as below:
========================================
config vpn ipsec phase2
    edit "VPN_IKE"
        set auto-negotiate enable
        set keepalive enable
        set phase1name "VPN"
        set proposal aes128-sha1
        set dhgrp 1
        set dst-subnet 192.168.11.0 255.255.255.0
        set src-subnet 192.168.22.0 255.255.255.0
    next
end
========================================
After enable the auto-negotiate function on phase2 IKE, the VPN tunnel can create automatically and I don't have to worry about users can't access to remote resource through VPN tunnel.
張貼者: 位於
Tag:

5 comments:

  1. UnknownApril 3, 2015 at 12:53 AM

    Yes that's perfect/
    vpn encryption

    ReplyDelete
  2. Zachary HuangApril 9, 2015 at 10:53 AM

    Thank you, enjoy it!!

    ReplyDelete
  3. 2009 DREAMDecember 1, 2017 at 3:00 AM

    This is highly informatics, crisp and clear. I think that everything has been described in systematic manner so that reader could get maximum information and learn many things. our blog

    ReplyDelete
  4. Mueeid KhanSeptember 10, 2020 at 11:38 PM

    Ubuntu is an extremely well known working framework for workers, and when you're hoping to set up your very own VPN that runs one of the numerous varieties of the working frameworks accessible today, at that point I firmly suggest that you see what Open VPN can make feasible for you.frizbox

    ReplyDelete
  5. lamarvalleNovember 7, 2022 at 11:25 PM

    ECOGRA is the word on responsible playing and protects players towards unfair practices. If you like to download free games to your gadget, you'll be able to|you possibly can} download them instantly from on-line casino sites, as part of of} their downloadable casino suite. Another popular choice is to download apps 텐벳 from the App Store or Google Play for cellular play. It couldn’t be easier to play one of the best free on-line casino games on our website. Just click the sport you wish to play, and it will then launch on your display straightaway.

    ReplyDelete

Do you like it? Welcome to leave your command.

Subscribe to: Post Comments (Atom)