• Status: Solved
  • Priority: Medium
  • Security: Public

About site-to-site VPN

Dear Sir,

Our office is using a FortiGate 60 and a SonicWall Pro 3060.
I have found this article:

http://kc.forticare.com/default.asp?id=1657&SID=&Lang=1

but I can build up a VPN connection.
I need to know:

To add the addresses
====
Go to Firewall > Address.
Select Create New to create the FortiGate address.
Enter a name for the address, for example FortiGate_network.
Enter the FortiGate IP address and subnet. <---- Does this mean the FortiGate public address and its subnet?
Select OK.

Select Create New again to create the SonicWall address.
Enter the name for the address, for example SonicWall_network.
Enter the SonicWall IP address and subnet. <---- Does this mean the SonicWall public address and its subnet?
Select OK.
===

===
Configure the SonicWall Device
Create the address object for the FortiGate unit to identify the FortiGate unit's IP address for the VPN Security Association (SA).

To create an address entry

Go to Network > Address Objects.
Select Add and enter the following:

Name: FortiGate_network
Zone Assignment: VPN
Type: Network
Network: FortiGate IP address  <-- Does this mean the remote FortiGate public address and its own netmask,
                                   like 202.133.222.133/255.255.255.240?
Netmask: FortiGate netmask

Select OK.
===

===
Configure the VPN settings for the VPN tunnel connection.

To configure the VPN, go to VPN.
Ensure Enable VPN is selected in the VPN Global Settings section.
Select Add in the VPN Policies area.
Select the General tab and configure the following:
IPSec Keying Mode: IKE using Preshared Secret.
Name: FortiGate_network
IPSec primary Gateway Name or Address: IPSec gateway IP address <-- What does this mean? My SonicWall public IP address?
Shared Secret: Preshared
Local IKE ID: IP Address (address left empty)
Peer IKE ID: IP Address (address left empty)
===

Thanks



darkeryu
Rob Williams Commented:
I have not worked with either unit, but since you have not received a reply I will do my best to assist.
As a tip: most site-to-site VPNs in the initial/basic configuration are looking for the public IP of the remote router. Within the VPN configuration they usually want the remote subnet and subnet mask. Each device needs to know the remote device's address to contact it, and then needs to know the remote local subnets to set up routing between the two subnets.
Also if it asks for IP address and subnet and does not have 2 sets of "boxes" it usually wants the format:
   192.168.123.1/24  (if subnet mask is 255.255.255.0)

As I see it:
>>"Enter the FortiGate IP address and subnet. <---- Does this mean the FortiGate public address and its subnet?"
This would be the LAN IP and subnet of the Fortigate

>>"Enter the SonicWall IP address and subnet. <---- Does this mean the SonicWall public address and its subnet?"
This would be the Sonicwall's LAN IP and subnet.

>>"Network: FortiGate IP address  <-- Does this mean the remote FortiGate public address and its own netmask,
                                   like 202.133.222.133/255.255.255.240?"
I would think they want:
Network: FortiGate IP address  <-- WAN/public IP of the remote Fortigate
Netmask: FortiGate netmask     <-- WAN/public subnet mask of the remote Fortigate
The local and destination local network information is added in step #5

>>"IPSec primary Gateway Name or Address: IPSec gateway IP address <-- What does this mean? My SonicWall public IP address?"
I am not sure on this one but I would assume they want the remote Fortigate's WAN/Public IP
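The general tip in the answer above (the gateway is the peer's public IP, the networks are the LAN subnets behind each device, written in address/prefix form) can be checked before the values are typed into either firewall. This is an added example, not part of the original thread or either vendor's tooling; the addresses are constructed, and `check_tunnel` is a hypothetical helper that assumes IPv4 and a gateway given as an address rather than a hostname.

```python
import ipaddress

# RFC 1918 private ranges, used to tell LAN-side values from WAN-side ones.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_cidr(address, netmask):
    """Combine an address and dotted netmask into a network in CIDR form."""
    # strict=False accepts a host address such as 192.168.123.1 and masks it.
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)

def is_rfc1918(net):
    """True when the whole network lies inside one RFC 1918 range."""
    return any(net.subnet_of(r) for r in RFC1918)

def check_tunnel(local_lan, remote_lan, remote_gateway):
    """Return warnings for one side's site-to-site tunnel definition."""
    warnings = []
    gw = ipaddress.ip_network(remote_gateway)  # single address becomes a /32
    if is_rfc1918(gw):
        warnings.append("gateway: private address, expected the peer's WAN/public IP")
    for side, net in (("local", local_lan), ("remote", remote_lan)):
        if not is_rfc1918(net):
            warnings.append(f"{side} network {net}: not private, looks like a WAN subnet")
    if local_lan.overlaps(remote_lan):
        warnings.append("local and remote networks overlap, routing between them is ambiguous")
    return warnings

# Constructed sample values (private and documentation ranges, not from the thread).
LOCAL = to_cidr("192.168.123.1", "255.255.255.0")
REMOTE = to_cidr("192.168.50.1", "255.255.255.0")
PEER_WAN = "203.0.113.133"

if __name__ == "__main__":
    print(LOCAL, REMOTE, check_tunnel(LOCAL, REMOTE, PEER_WAN))
    # The mix-up asked about in the thread: WAN subnet entered as the remote network.
    wan_net = to_cidr(PEER_WAN, "255.255.255.240")
    print(wan_net, check_tunnel(LOCAL, wan_net, PEER_WAN))
```

A warning is a prompt to re-read the field, not proof of an error: some designs do protect publicly addressed networks.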
 
Rob Williams Commented:
Thanks darkeryu,
--Rob