FortiGate VPN for iPhone / iPad

The settings below were taken from the Fortinet KB article, which refers to FortiOS 4 MR3, but we have already tested them on version 5.0 and they work perfectly:

Follow the steps below:

Set up a user, a user group, and the firewall addresses:

config user local
edit "testuser"
set status enable
set type password
set passwd <password>
end

config user group
edit "AppleVPNUsers"
set member "testuser"
end

config firewall address
edit "internal1subnet"
set subnet <LAN IP and netmask here> (e.g. 192.168.29.0 255.255.255.0)
next

edit "appleVPNsubnet"
set subnet 10.3.3.0 255.255.255.0
end

Phase 1 settings:

config vpn ipsec phase1-interface
edit "AppleVPN"
set type dynamic
set interface "wan1"
set dhgrp 2
set peertype one
set xauthtype auto
set mode aggressive
set mode-cfg enable
set proposal aes256-md5 aes256-sha1
set peerid "apple"
set authusrgrp "AppleVPNUsers"
set ipv4-start-ip 10.3.3.1
set ipv4-end-ip 10.3.3.254
set ipv4-netmask 255.255.255.0
set psksecret <tunnel password here>
end

Optional DNS settings for phase 1 (entered inside the same "AppleVPN" entry):

config vpn ipsec phase1-interface
edit "AppleVPN"
set domain <domain suffix here>
set ipv4-dns-server1 <DNS server IP here>
set ipv4-dns-server2 <DNS server IP here>
set ipv4-dns-server3 <DNS server IP here>
end

Phase 2 settings:

config vpn ipsec phase2-interface
edit "AppleVPNp2"
set keepalive enable
set pfs disable
set phase1name "AppleVPN"
set proposal aes256-md5 aes256-sha1
end

Configure the firewall policies:

VPN => LAN

config firewall policy
edit <unique firewall policy ID here>
set srcintf "AppleVPN"
set dstintf "internal1"
set srcaddr "appleVPNsubnet"
set dstaddr "internal1subnet"
set action accept
set schedule "always"
set service "ANY"
next

LAN => VPN

edit <unique firewall policy ID here>
set srcintf "internal1"
set dstintf "AppleVPN"
set srcaddr "internal1subnet"
set dstaddr "appleVPNsubnet"
set action accept
set schedule "always"
set service "ANY"
end

If you want VPN clients to browse the web while connected, create another firewall policy from the VPN tunnel out through the WAN interface:

config firewall policy
edit <unique firewall policy ID here>
set srcintf "AppleVPN"
set dstintf "wan1"
set srcaddr "appleVPNsubnet"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set nat enable
end

Static route so that traffic destined for tunnel clients is sent back out through the tunnel:

config router static
edit <unique route ID>
set device "AppleVPN"
set dst 10.3.3.0 255.255.255.0
end

Configuration required in the iPad/iPhone Cisco VPN client:

description: FortiGate VPN
server: IP of the FortiGate WAN interface that is configured for the VPN (interface wan1 in this case)
account: testuser (a user account on the FortiGate)
password: <configured previously>
Use certificate: off
group name: apple
secret: the pre-shared key for the tunnel, from the phase 1 step
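As an added example (not from the Fortinet KB or the original post), here is a small Python audit that parses FortiOS CLI blocks like the ones above and reports dangling object references (such as a group member that names no local user) together with settings worth reviewing before going live: DH group 2, MD5 in the proposals, and PFS disabled. The sample configuration embedded in it is a constructed, trimmed copy of the page's own settings.

```python
import shlex
# Constructed sample trimmed from the page's config; its group-member typo ("test" vs. "testuser") is kept on purpose.
SAMPLE = """
config user local
edit "testuser"
end
config user group
edit "AppleVPNUsers"
set member "test"
end
config vpn ipsec phase1-interface
edit "AppleVPN"
set dhgrp 2
set proposal aes256-md5 aes256-sha1
end
config vpn ipsec phase2-interface
edit "AppleVPNp2"
set pfs disable
set phase1name "AppleVPN"
end
"""
def parse(text):  # FortiOS CLI -> {table: {object: {key: [values]}}}
    cfg, table, obj = {}, None, None
    for parts in (shlex.split(line) for line in text.splitlines()):
        if parts and parts[0] == "config":  # config <table words>
            table = cfg.setdefault(" ".join(parts[1:]), {})
        elif parts and parts[0] == "edit":  # edit <object name>
            obj = table.setdefault(parts[1], {})
        elif parts and parts[0] == "set":  # set <key> <values...>; next/end need no handling
            obj[parts[1]] = parts[2:]
    return cfg
REFS = [  # (table, key, table the key must point into)
    ("user group", "member", "user local"),
    ("vpn ipsec phase2-interface", "phase1name", "vpn ipsec phase1-interface"),
]
WEAK = [  # (table, key, predicate on the values, finding to report)
    ("vpn ipsec phase1-interface", "dhgrp", lambda v: "2" in v, "DH group 2 (1024-bit MODP) is weak"),
    ("vpn ipsec phase1-interface", "proposal", lambda v: any("md5" in p for p in v), "MD5 in IKE proposal"),
    ("vpn ipsec phase2-interface", "pfs", lambda v: v == ["disable"], "PFS disabled for phase 2 keys"),
]
def audit(cfg):  # yield dangling references first, then weak settings, for human review
    for table, key, target in REFS:
        for name, obj in cfg.get(table, {}).items():
            for ref in obj.get(key, []):
                if ref not in cfg.get(target, {}):
                    yield f"{table} {name}: {key} {ref!r} is not defined in {target}"
    for table, key, bad, msg in WEAK:
        for name, obj in cfg.get(table, {}).items():
            if key in obj and bad(obj[key]):
                yield f"{table} {name}: {msg}"
```

Run it with `for f in audit(parse(SAMPLE)): print(f)`, or feed it the output of `show` from your own unit; the reference check is what catches the original group-member mismatch.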

Source: http://kb.fortinet.com/kb/viewContent.do?externalId=FD33376&sliceId=1
