Solved

About site-to-site VPN

Posted on 2006-06-10
Last Modified: 2008-03-04
Dear Sir,

Our office is using a FortiGate 60 and a SonicWall Pro 3060.
I have found this article:

http://kc.forticare.com/default.asp?id=1657&SID=&Lang=1

but I can build up a VPN connection.
I need to know:

To add the addresses
====
Go to Firewall > Address.
Select Create New to create the FortiGate address.
Enter a name for the address, for example FortiGate_network.
Enter the FortiGate IP address and subnet. <---- Does this mean the FortiGate public address and its subnet?
Select OK.

Select Create New again to create the SonicWall address.
Enter the name for the address, for example SonicWall_network.
Enter the SonicWall IP address and subnet. <---- Does this mean the SonicWall public address and its subnet?
Select OK.
===

===
Configure the SonicWall Device
Create the address object for the FortiGate unit to identify the FortiGate unit's IP address for the VPN Security Association (SA).

To create an address entry

Go to Network > Address Objects.
Select Add and enter the following:

Name: FortiGate_network
Zone Assignment: VPN
Type: Network
Network: FortiGate IP address  <-- Does this mean the remote FortiGate public address and its own netmask,
                                   like 202.133.222.133/255.255.255.240?
Netmask: FortiGate netmask

Select OK.
===

===
Configure the VPN settings for the VPN tunnel connection.

To configure the VPN, go to VPN.
Ensure Enable VPN is selected in the VPN Global Settings section.
Select Add in the VPN Policies area.
Select the General tab and configure the following:
IPSec Keying Mode: IKE using Preshared Secret.
Name: FortiGate_network
IPSec primary Gateway Name or Address: IPSec gateway IP address <-- What does this mean? My SonicWall public IP address?
Shared Secret: Preshared
Local IKE ID: IP Address (address left empty)
Peer IKE ID: IP Address (address left empty)
===

Thanks



Question by: darkeryu
Accepted Solution

by: Rob Williams (LVL 77), earned 500 total points
ID: 16881120
I have not worked with either unit, but since you have not received a reply I will do my best to assist.
As a tip: most site-to-site VPNs in the initial/basic configuration are looking for the public IP of the remote router. Within the VPN configuration they usually want the remote subnet and subnet mask. Each device needs to know the remote device's address to contact it, and then needs to know the remote local subnets to set up routing between the two subnets.
Also, if it asks for IP address and subnet and does not have 2 sets of "boxes", it usually wants the format:
   192.168.123.1/24  (if subnet mask is 255.255.255.0)

As I see it:
>>"Enter the FortiGate IP address and subnet. <---- Does this mean the FortiGate public address and its subnet?"
This would be the LAN IP and subnet of the FortiGate.

>>"Enter the SonicWall IP address and subnet. <---- Does this mean the SonicWall public address and its subnet?"
This would be the SonicWall's LAN IP and subnet.

>>"Network: FortiGate IP address  <-- Does this mean the remote FortiGate public address and its own netmask,
                                   like 202.133.222.133/255.255.255.240?"
I would think they want:
Network: FortiGate IP address  <-- WAN/public IP of the remote FortiGate
Netmask: FortiGate netmask     <-- WAN/public subnet mask of the remote FortiGate
The local and destination local network information is added in step #5.

>>"IPSec primary Gateway Name or Address: IPSec gateway IP address <-- What does this mean? My SonicWall public IP address?"
I am not sure on this one, but I would assume they want the remote FortiGate's WAN/public IP.
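
The general tip in the answer above (each unit's gateway is the other unit's public address, and each unit's remote network is the other site's LAN subnet, in either /24 or dotted-mask notation) can be checked before the values are typed into either device. The Python check below is an added example, not part of the original answer or of either vendor's tooling; the `Peer` fields, the function names and every address except the 192.168.123.1/24 notation example are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Peer:
    name: str
    wan_ip: str        # this unit's own public (WAN) address
    peer_gateway: str  # remote gateway address typed into this unit's VPN policy
    local_net: str     # this unit's LAN, "address/prefix" or "address/dotted mask"
    remote_net: str    # address object for the other site's LAN, same notations

def lan(text):
    """Normalise '192.168.123.1/24' or '192.168.123.1/255.255.255.0' to a network."""
    return ipaddress.ip_interface(text).network

def check_tunnel(a, b):
    """Return a list of mismatches between the two peers' tunnel definitions."""
    problems = []
    for me, other in ((a, b), (b, a)):
        gw = ipaddress.ip_address(me.peer_gateway)
        if gw != ipaddress.ip_address(other.wan_ip):
            problems.append(f"{me.name}: gateway {gw} is not {other.name}'s WAN address")
        if lan(me.remote_net) != lan(other.local_net):
            problems.append(f"{me.name}: remote network {lan(me.remote_net)} "
                            f"does not match {other.name}'s LAN {lan(other.local_net)}")
    if lan(a.local_net).overlaps(lan(b.local_net)):
        problems.append("the two LAN subnets overlap")
    return problems

# Constructed sample values (documentation address ranges on the WAN side).
FORTIGATE = Peer("FortiGate", "203.0.113.10", "198.51.100.20",
                 "192.168.123.1/24", "192.168.50.1/255.255.255.0")
SONICWALL_OK = Peer("SonicWall", "198.51.100.20", "203.0.113.10",
                    "192.168.50.1/24", "192.168.123.1/255.255.255.0")
# Same unit with its own WAN address entered as the gateway and a /28 mask
# entered for a remote LAN that is really a /24.
SONICWALL_BAD = Peer("SonicWall", "198.51.100.20", "198.51.100.20",
                     "192.168.50.1/24", "192.168.123.1/255.255.255.240")

if __name__ == "__main__":
    for peer in (SONICWALL_OK, SONICWALL_BAD):
        print(check_tunnel(FORTIGATE, peer) or "tunnel definitions are consistent")
```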
LVL 77

Expert Comment

by:Rob Williams
ID: 16903664
Thanks darkeryu,
--Rob