Establish VPN Tunnel Between Cyberoam and Fortinet Using Preshared Key

  • 8/2/2019 Establish VPN Tunnel Between Cyberoam and Fortinet Using Preshared Key

    Establish VPN Tunnel between Cyberoam and Fortinet using Preshared key

    Applicable to Version: 9.4.0 build 2 onwards

    This article gives a detailed configuration example that demonstrates how to configure a site-to-site IPSec VPN tunnel between a Cyberoam and a Fortinet firewall, using a preshared key to authenticate the VPN peers.

    It is assumed that the reader has a working knowledge of Cyberoam and Fortinet appliance configuration.

    Throughout the article we will consider the below given hypothetical network and other parameters to establish the connection.

    Fortinet Configuration

    Step 1. Configure Phase 1 parameters

    Go to VPN > IPSec > Auto-Key and click Create Phase 1 to create a new phase 1 tunnel configuration as shown below.

    Name: Cyberoam

    Remote Gateway: Static IP Address
    IP Address: 202.134.168.202 (Public IP address of the Cyberoam)
    Local Interface: wan1 (Select the interface through which Cyberoam connects to the Fortigate unit)
    Mode: Main (default)
    Authentication Method: Preshared Key
    Pre-shared Key: As per your requirement (same as configured in the Cyberoam)

    Under Advanced

    P1 Proposal: 1 - Encryption: 3DES, Authentication: MD5
    DH Group: 2
    Keylife: 28800
    X-Auth: Disable
    Nat-traversal: Enable
    Keepalive Frequency: 10
    Dead Peer Detection: Enable

    Step 2. Configure Phase 2 parameters

    Go to VPN > IPSec > Auto-Key and click Create Phase 2 to create a new phase 2 tunnel configuration as shown below.

    Name: For Cyberoam
    Phase 1: Cyberoam (created in step 1)

    Under Advanced

    P2 Proposal: 1 - Encryption: 3DES, Authentication: MD5
    Enable replay detection: Enable
    Enable perfect forward secrecy: Enable

    DH Group: 2
    Keylife: 1800 seconds
    Auto key Keep Alive: Enable

    Under Quick Mode Selector

    Source address: 172.50.50.0/24
    Destination address: 172.16.16.0/24

    Step 3. Add firewall addresses

    Create firewall addresses for the private networks at either end of the VPN.

    Create address for Cyberoam subnet

    Go to Firewall > Address and click New

    Address Name: Cyberoamsubnet
    Type: Subnet/IP Range
    Subnet/IP Range: 172.16.16.0/255.255.255.0
    Interface: wan1

    Create address for Fortinet subnet

    Go to Firewall > Address and click New

    Address Name: FortinetSubnet
    Type: Subnet/IP Range
    Subnet/IP Range: 172.50.50.0/255.255.255.0

    Interface: internal

    Step 4. Configure Firewall policy

    Source Interface/Zone: internal
    Source Address: FortinetSubnet (as created in step 3)
    Destination Interface/Zone: wan1
    Destination Address: Cyberoamsubnet (as created in step 3)
    Action: IPSEC
    VPN Tunnel: Cyberoam (as created in step 1)
    Allow inbound: Enable
    Allow Outbound: Enable

    Cyberoam Configuration

    Log on to Cyberoam Web Admin Console and perform the following steps:

    Step 5: Create IPSec connection

    Go to VPN > IPSec Connection > Create Connection and create a connection with the following values:

    Connection name: Fortinet
    Policy: Default
    Action on restart: As per your requirement
    Mode: Tunnel
    Connection Type: Net to Net
    Authentication Type: Preshared Key
    Preshared Key: As per your requirement
    Local server IP address (WAN IP address): 202.134.168.202
    Local Internal Network: 172.16.16.0/24
    Remote server IP address (WAN IP address): 202.134.168.208
    Remote Internal Network: 172.50.50.0/24

    Step 6: Activate and Establish Connection

    Go to VPN > IPSec Connection > Manage Connection and click against the connection.
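
    The tunnel only comes up if the values entered in steps 1 to 3 and step 5 mirror each other, so a pre-activation check is useful. The script below is an added example, not part of the original article: it compares the article's Fortinet and Cyberoam values and lists the legacy algorithms in the Fortinet proposals. The dict keys and function names are hypothetical, and treating 3DES, MD5 and DH groups 1, 2 and 5 as legacy is this example's assumption.

```python
import ipaddress

# Values copied from the article (steps 1-3 and 5); the dict keys are hypothetical.
FORTINET = {
    "remote_gw": "202.134.168.202",             # step 1: Remote Gateway IP Address
    "local_net": "172.50.50.0/ 255.255.255.0",  # step 3: netmask form, as printed
    "remote_net": "172.16.16.0/24",             # step 2: Quick Mode destination
    "p1": ("3DES", "MD5", 2),                   # encryption, authentication, DH group
    "p2": ("3DES", "MD5", 2),
}
CYBEROAM = {
    "local_wan": "202.134.168.202",             # step 5: Local server IP address
    "local_net": "172.16.16.0/24",
    "remote_net": "172.50.50.0/24",
}
LEGACY_ALGS = {"DES", "3DES", "MD5"}  # assumption of this example, not from the article
LEGACY_DH = {1, 2, 5}                 # MODP groups of 1536 bits or fewer

def net(value):
    """Normalise '/24' and '/255.255.255.0' notation to one comparable object."""
    return ipaddress.ip_network(value.replace(" ", ""), strict=True)

def check_pair(forti, cyber):
    """Return a list of mismatches; an empty list means the peers mirror each other."""
    findings = []
    if ipaddress.ip_address(forti["remote_gw"]) != ipaddress.ip_address(cyber["local_wan"]):
        findings.append("Fortinet remote gateway != Cyberoam local WAN IP")
    if net(forti["local_net"]) != net(cyber["remote_net"]):
        findings.append("Fortinet source selector != Cyberoam remote network")
    if net(forti["remote_net"]) != net(cyber["local_net"]):
        findings.append("Fortinet destination selector != Cyberoam local network")
    if net(forti["local_net"]).overlaps(net(forti["remote_net"])):
        findings.append("local and remote networks overlap")
    return findings

def legacy_crypto(forti):
    """Return (phase, item) pairs for legacy algorithms or DH groups in the proposals."""
    hits = []
    for phase in ("p1", "p2"):
        enc, auth, dh = forti[phase]
        hits += [(phase, alg) for alg in (enc, auth) if alg in LEGACY_ALGS]
        if dh in LEGACY_DH:
            hits.append((phase, f"DH{dh}"))
    return hits

if __name__ == "__main__":
    print(check_pair(FORTINET, CYBEROAM) or "endpoints and selectors mirror each other")
    print(legacy_crypto(FORTINET))
```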
