PC behind FortiGate> Window 7 > cmd > ping 192.168.1.33ġ. If you see below or log message, please check ZyWALL/USG Phase 1 Settings. PC behind ZyWALL/USG > Window 7 > cmd > ping 192.168.2.33 Ensure that both computers have Internet access (via the IPSec devices). The Status connect icon is lit when the interface is connected.ĬONFIGURATION > VPN > IPSec VPN > VPN ConnectionĢ. Go to ZyWALL/USG MONITOR > VPN Monitor > IPSec and verify the tunnel Up Time and Inbound(Bytes)/Outbound(Bytes) traffic.ģ. Go to FortiGate VPN > Monitor > IPsec Monitor and check the tunnel Status is up and Incoming Data/Outgoing Data traffic.Ĥ. To test whether or not a tunnel is working, ping from a computer at one site to a computer at the other. Click OK to exit the configuration page.ġ. Go to ZyWALL/USG CONFIGURATION > VPN > IPSec VPN > VPN Connection, click Connect on the upper bar. VPN > IPsec > Wizard > Custom VPN Tunnel (No Template) > Phase 2 SelectorsĦ. This screen provides a summary of the VPN tunnel. Make sure you uncheck Enable Perfect Forward Secrecy (PFS) if this function is disabled in the peer ZyWALL/USG. Set Local Address to be the IP address range of the network connected to the FortiGate and Remote Address to be the IP address range of the network connected to the ZyWALL/USG. VPN > IPsec > Wizard > Custom VPN Tunnel (No Template) > Phase 1 Proposalĥ. Go to Phase 2 Selectors > Advanced and configure Phase 2 Proposal as the peer ZyWALL/USG Advanced Settings’ Phase 2 Settings > Proposal. VPN > IPsec > Wizard > Custom VPN Tunnel (No Template) > AuthenticationĤ. Configure Phase 1 Proposal and Diffie-Hellman Group as the peer ZyWALL/USG Advanced Settings’ Phase 1 Settings > Proposal and Key Group. VPN > IPsec > Wizard > Custom VPN Tunnel (No Template) > Networkģ. Go to Authentication section, enter Pre-shared Key and choose negotiation Mode the same as the peer ZyWALL/USG’s. Select the Interface which is connected to the Internet. VPN > IPsec > Wizard > Custom VPN Tunnel (No Template)Ģ. Type the Name used to identify this VPN connection, configure Remote Gateway IP as the peer ZyWALL/USG’s WAN IP address. Set Up the IPSec VPN Tunnel on the FortiGateġ. In the FortiGate VPN > IPsec > Wizard > Custom VPN Tunnel (No Template), use the VPN Setup to create a Site-to-site VPN rule Name. Configure Authentication > Peer ID Type as Any to let the ZyWALL/USG does not require to check the identity content of the remote IPSec router.ĬONFIGURATION > VPN > IPSec VPN > VPN Gateway > Show Advanced Settings > Authentication > Peer ID Type Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings > Wizard Completedħ. Go to CONFIGURATION > VPN > IPSec VPN > VPN Gateway and click Show Advanced Settings. The Phase 1 rule settings appear in the VPN > IPSec VPN > VPN Gateway screen and the Phase 2 rule settings appear in the VPN > IPSec VPN > VPN Connection screen. Quick Setup > VPN Setup Wizard > Welcome > Wizard Type > VPN Settings (Summary)Ħ. Now the rule is configured on the ZyWALL/USG. Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Configuration)ĥ. This screen provides a read-only summary of the VPN tunnel. Set Local Policy to be the IP address range of the network connected to the ZyWALL/USG and Remote Policy to be the IP address range of the network connected to the FortiGate. Then, type a secure Pre-Shared Key (8-32 characters). Quick Setup > VPN Setup Wizard > Wizard Type > VPN Settings (Scenario)Ĥ. Configure Secure Gateway IP as the FortiGate’s WAN IP address (in the example, 172.100.30.40). You may use 1-31 alphanumeric characters. Quick Setup > VPN Setup Wizard > Wizard Typeģ. Type the Rule Name used to identify this VPN connection (and VPN gateway). Click Next.Ģ. Choose Express to create a VPN rule with the default phase 1 and phase 2 settings and use a pre-shared key to be the authentication method. Set Up the IPSec VPN Tunnel on the ZyWALL/USGġ. In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard, use the VPN Settings wizard to create a VPN rule that can be used with the FortiGate. This example was tested using USG310 (Firmware Version: ZLD 4.13) and FortiGate 100D (Firmware Version: Forti OS 5.2.1). Please replace them with your actual network IP addresses and subnet masks. Note: All network IP addresses and subnet masks are used as examples in this article. ZyWALL Site-to-site IPSec VPN with FortiGate Connected When the VPN tunnel is configured, each site can be accessed securely. The example instructs how to configure the VPN tunnel between each site. This example shows how to use the VPN Setup Wizard to create a site-to-site VPN between a ZYWALL/USG and a FortiGate router.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |