Vigor LAN range: 172.16.1.0/255.255.255.0
Fortigate LAN range: 192.168.198.0/255.255.255.0
The Vigor is the dial-out side and dials to the Fortigate router/firewall.
This example tests Aggressive mode only.
Settings on the Vigor side
1. See pictures below; 211.152.185.106 is the IP address of the remote Fortigate.
Click the “IKE Pre-Shared key” button to key in the
pre-shared key (it should be the same as on the remote end).
2. Click the “Advance” button to set up the phase 1 mode,
proposal, PFS and key lifetime; see picture below. The Local ID
is used for authentication in Aggressive mode. The Fortigate
settings must specify this ID as the remote ID, or else authentication
cannot succeed. (PFS is disabled here by default, while
on the Fortigate it is enabled by default.)
3. Then specify the remote network in “TCP/IP
Network Settings”; see picture below.
Settings on the Fortigate side
1. Phase 1 setting.
Note that in aggressive mode, because the Vigor uses its Local ID to authenticate, you should tick “Accept this peer ID:
shdraytek”; the “shdraytek” peer ID was already set in step 2 of the Vigor settings. The pre-shared key should
be the same as in the Vigor settings.
2. Then go to the phase 2 setting. In the Remote Gateway field, choose the gateway name you created in Step 1, shdraytek.
3. A policy should be set to pass VPN traffic.
Then, dial from the Vigor
Click the Dial button, and the VPN tunnel should be established as expected.
See Fortigate monitor
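The settings above only work if the two ends agree with each other. The following pre-flight check is an added example, not part of the original page or of either vendor's tooling; the dictionary field names are hypothetical and the pre-shared key is a placeholder, while the addresses, ID and PFS defaults are the ones given on this page.

```python
import hmac
import ipaddress

# Constructed settings mirroring this page. Field names are hypothetical,
# not real Vigor or Fortigate configuration keys; the PSK is a placeholder.
VIGOR = {
    "mode": "aggressive", "peer_ip": "211.152.185.106",
    "local_id": "shdraytek", "psk": "EXAMPLE-PSK",
    "pfs": False,  # Vigor default, per the page
    "local_net": "172.16.1.0/255.255.255.0",
    "remote_net": "192.168.198.0/255.255.255.0",
}
FORTIGATE = {
    "mode": "aggressive", "wan_ip": "211.152.185.106",
    "accept_peer_id": "shdraytek", "psk": "EXAMPLE-PSK",
    "pfs": True,  # Fortigate default, per the page
    "local_net": "192.168.198.0/255.255.255.0",
    "remote_net": "172.16.1.0/255.255.255.0",
}

def net(text):
    # Accepts the address/netmask notation used on this page.
    return ipaddress.ip_network(text, strict=True)

def preflight(dialer, responder):
    """Return the mismatches between the dial-out side and the responder."""
    problems = []
    if dialer["mode"] != responder["mode"]:
        problems.append("phase 1 mode differs")
    if dialer["peer_ip"] != responder["wan_ip"]:
        problems.append("dial-out target is not the responder's WAN IP")
    if dialer["local_id"] != responder["accept_peer_id"]:
        problems.append("Local ID is not the peer ID the responder accepts")
    if not hmac.compare_digest(dialer["psk"].encode(), responder["psk"].encode()):
        problems.append("pre-shared keys differ")
    if dialer["pfs"] != responder["pfs"]:
        problems.append("PFS enabled on one side only")
    mirrored = (net(dialer["local_net"]) == net(responder["remote_net"])
                and net(dialer["remote_net"]) == net(responder["local_net"]))
    if not mirrored:
        problems.append("LAN ranges are not mirrored")
    elif net(dialer["local_net"]).overlaps(net(dialer["remote_net"])):
        problems.append("LAN ranges overlap")
    return problems

if __name__ == "__main__":
    for issue in preflight(VIGOR, FORTIGATE) or ["no mismatches found"]:
        print(issue)
```

With both devices left at the defaults described above, the only finding is the PFS difference, so change one side until the two match.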
Page last modified: 13 October 2008