8/2/2019 Establish VPN Tunnel Between Cyberoam and Fortinet Using Preshared Key
Establish VPN Tunnel between Cyberoam and Fortinet using Preshared key
Applicable to Version: 9.4.0 build 2 onwards
This article describes a detailed configuration example that demonstrates how to configure a site-to-site IPSec VPN tunnel between a Cyberoam and a Fortinet firewall using a Preshared Key to authenticate the VPN peers.
It is assumed that the reader has a working knowledge of Cyberoam and Fortinet appliance configuration.
Throughout the article we will consider the below given hypothetical network and other parameters to establish the connection.
Fortinet Configuration
Step 1. Configure Phase 1 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 1 to create a new phase 1 tunnel configuration as shown below.
Name: Cyberoam
Remote Gateway: Static IP Address
IP Address: 202.134.168.202 (Public IP address of the Cyberoam)
Local Interface: wan1 (Select the interface through which Cyberoam connects to the Fortigate unit)
Mode: Main (default)
Authentication Method: Preshared Key
Pre-shared Key: As per your requirement (same as configured in the Cyberoam)
Under Advanced
P1 Proposal: 1-Encryption: 3DES, Authentication: MD5
DH Group: 2
Keylife: 28800
X-Auth: Disable
Nat-traversal: Enable
Keepalive Frequency: 10
Dead Peer Detection: Enable
Step 2. Configure Phase 2 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 2 to create a new phase 2 tunnel configuration as shown below.
Name: For Cyberoam
Phase 1: Cyberoam (created in step 1)
Under Advanced
P2 Proposal: 1-Encryption: 3DES, Authentication: MD5
Enable replay detection: Enable
Enable perfect forward secrecy: Enable
DH Group: 2
Keylife: 1800 seconds
Auto key Keep Alive: Enable
Under Quick Mode Selector
Source address: 172.50.50.0/24
Destination address: 172.16.16.0/24
Step 3. Add firewall addresses
Create firewall addresses for the private networks at either end of the VPN.
Create address for Cyberoam subnet
Go to Firewall > Address and click New
Address Name: Cyberoamsubnet
Type: Subnet/IP Range
Subnet/IP Range: 172.16.16.0/255.255.255.0
Interface: wan1
Create address for Fortinet subnet
Go to Firewall > Address and click New
Address Name: FortinetSubnet
Type: Subnet/IP Range
Subnet/IP Range: 172.50.50.0/255.255.255.0
Interface: internal
Step 4. Configure Firewall policy
Source Interface/Zone: internal
Source Address: FortinetSubnet (as created in step 3)
Destination Interface/Zone: wan1
Destination Address: Cyberoamsubnet (as created in step 3)
Action: IPSEC
VPN Tunnel: Cyberoam (as created in step 1)
Allow inbound: Enable
Allow Outbound: Enable
Cyberoam Configuration
Log on to Cyberoam Web Admin Console and perform the following steps:
Step 5: Create IPSec connection
Go to VPN > IPSec Connection > Create Connection and create a connection with the following values:
Connection name: Fortinet
Policy: Default
Action on restart: As per your requirement
Mode: Tunnel
Connection Type: Net to Net
Authentication Type: Preshared Key
Preshared Key: As per your requirement
Local server IP address (WAN IP address): 202.134.168.202
Local Internal Network: 172.16.16.0/24
Remote server IP address (WAN IP address): 202.134.168.208
Remote Internal Network: 172.50.50.0/24
Step 6: Activate and Establish Connection
Go to VPN > IPSec Connection > Manage Connection and click against the connection.
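A consistency check over the values entered in Steps 1 to 5, added here as an example and not part of the original article or of either vendor's tooling. It confirms that the peer address and the networks on the two sides mirror each other (the firewall addresses use dotted netmasks, the selectors use /24) and lists the proposal values worth reviewing; the dictionary keys and the LEGACY list are assumptions of this example.

```python
import ipaddress

# Values transcribed from Steps 1-5 above; the dictionary keys are this example's own.
FORTINET = {
    "remote_gateway": "202.134.168.202",
    "p1": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2},
    "p2": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2},
    "selector_src": "172.50.50.0/24",
    "selector_dst": "172.16.16.0/24",
    "addr_fortinet": "172.50.50.0/255.255.255.0",  # FortinetSubnet
    "addr_cyberoam": "172.16.16.0/255.255.255.0",  # Cyberoamsubnet
}
CYBEROAM = {
    "local_wan": "202.134.168.202",
    "remote_wan": "202.134.168.208",
    "local_net": "172.16.16.0/24",
    "remote_net": "172.50.50.0/24",
}
# Assumption of this example: settings flagged for review as legacy.
LEGACY = {"encryption": {"DES", "3DES"}, "authentication": {"MD5"}, "dh_group": {1, 2}}
# Each Fortinet-side network must equal the mirrored Cyberoam-side network.
MIRROR = [("selector_src", "remote_net"), ("selector_dst", "local_net"),
          ("addr_fortinet", "remote_net"), ("addr_cyberoam", "local_net")]


def net(value):
    """Parse CIDR or dotted-netmask notation; host bits set raises ValueError."""
    return ipaddress.ip_network(value.replace(" ", ""), strict=True)


def mismatches(fgt, cr):
    """Return the settings on which the two sides disagree."""
    problems = []
    if ipaddress.ip_address(fgt["remote_gateway"]) != ipaddress.ip_address(cr["local_wan"]):
        problems.append("remote_gateway does not match Cyberoam local_wan")
    for fkey, ckey in MIRROR:
        if net(fgt[fkey]) != net(cr[ckey]):
            problems.append(f"{fkey} does not mirror Cyberoam {ckey}")
    return problems


def legacy_crypto(fgt):
    """List the phase 1 / phase 2 proposal values that appear in LEGACY."""
    return [f"{phase}.{field}={fgt[phase][field]}"
            for phase in ("p1", "p2")
            for field in ("encryption", "authentication", "dh_group")
            if fgt[phase][field] in LEGACY[field]]


if __name__ == "__main__":
    print("mismatches:", mismatches(FORTINET, CYBEROAM) or "none")
    print("legacy proposal values:", legacy_crypto(FORTINET))
```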