Solved

about site to site VPN....

Posted on 2006-06-10
Last Modified: 2008-03-04
Dear Sir:

Our office is using a FortiGate 60 and a SonicWall Pro 3060.
I have found this article:

http://kc.forticare.com/default.asp?id=1657&SID=&Lang=1

but I can build up a VPN connection.
I need to know:

To add the addresses
====
Go to Firewall > Address.
Select Create New to create the FortiGate address.
Enter a name for the address, for example FortiGate_network.
Enter the FortiGate IP address and subnet. <---- Does this mean the FortiGate public address and its subnet?
Select OK.

Select Create New again to create the SonicWall address.
Enter the name for the address, for example SonicWall_network.
Enter the SonicWall IP address and subnet. <---- Does this mean the SonicWall public address and its subnet?
Select OK.
===

===
Configure the SonicWall Device
Create the address object for the FortiGate unit to identify the FortiGate unit's IP address for the VPN Security Association (SA).

To create an address entry

Go to Network > Address Objects.
Select Add and enter the following:

Name: FortiGate_network
Zone Assignment: VPN
Type: Network
Network: FortiGate IP address  <-- Does this mean the remote FortiGate public address and its own netmask, like 202.133.222.133/255.255.255.240?
Netmask: FortiGate netmask

Select OK.
===

===
Configure the VPN settings for the VPN tunnel connection.

To configure the VPN, go to VPN.
Ensure Enable VPN is selected in the VPN Global Settings section.
Select Add in the VPN Policies area.
Select the General tab and configure the following:
IPSec Keying Mode: IKE using Preshared Secret.
Name: FortiGate_network
IPSec primary Gateway Name or Address: IPSec gateway IP address <-- What does this mean? My SonicWall public IP address?
Shared Secret: Preshared
Local IKE ID: IP Address (address left empty)
Peer IKE ID: IP Address (address left empty)
===

Thanks



Question by:darkeryu

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 16881120
I have not worked with either unit, but since you have not received a reply I will do my best to assist.
As a tip: most site-to-site VPNs in the initial/basic configuration are looking for the public IP of the remote router. Within the VPN configuration they usually want the remote subnet and subnet mask. Each device needs to know the remote device's address to contact it, and then needs to know the remote local subnets to set up routing between the two subnets.
Also if it asks for IP address and subnet and does not have 2 sets of "boxes" it usually wants the format:
   192.168.123.1/24  (if subnet mask is 255.255.255.0)

As I see it:
>>"Enter the FortiGate IP address and subnet. <---- Does this mean the FortiGate public address and its subnet?"
This would be the LAN IP and subnet of the Fortigate

>>"Enter the SonicWall IP address and subnet. <---- Does this mean the SonicWall public address and its subnet?"
This would be the Sonicwall's LAN IP and subnet.

>>"Network: FortiGate IP address  <-- Does this mean the remote FortiGate public address and its own netmask, like 202.133.222.133/255.255.255.240?"
I would think they want:
Network: FortiGate IP address  < WAN/public IP of the remote Fortigate
Netmask: FortiGate netmask     < WAN/public subnet mask of the remote Fortigate
The local and destination local network information is added in step #5

>>"IPSec primary Gateway Name or Address: IPSec gateway IP address <-- What does this mean? My SonicWall public IP address?"
I am not sure on this one but I would assume they want the remote Fortigate's WAN/Public IP
0
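
The general rule in the tip above (the peer gateway is the other site's public address, the protected network is the other site's LAN subnet, and a single-box field takes address/prefix form), as an added example that is not part of the original thread. The dictionary field names and all sample addresses are constructed for illustration, and the check assumes both gateways have public WAN addresses rather than sitting behind NAT.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_cidr(address, netmask):
    """Combine an address and a dotted netmask into the single-box form."""
    return ipaddress.ip_interface(f"{address}/{netmask}").with_prefixlen

def net(value):
    """Network that contains `value`; stray host bits are tolerated."""
    return ipaddress.ip_interface(value).network

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in n for n in RFC1918)

def check_tunnel(a, b):
    """Return the addressing problems found in a pair of gateway definitions."""
    problems = []
    for me, peer in ((a, b), (b, a)):
        gw = me["peer_gateway"]
        if gw != peer["wan_ip"]:
            problems.append(f"{me['name']}: peer gateway {gw} is not the "
                            f"{peer['name']} WAN address {peer['wan_ip']}")
        if is_rfc1918(gw):
            problems.append(f"{me['name']}: peer gateway {gw} is a private (LAN) address")
        if net(me["remote_net"]) != net(peer["local_net"]):
            problems.append(f"{me['name']}: remote network {me['remote_net']} does not "
                            f"match the {peer['name']} LAN {peer['local_net']}")
    if net(a["local_net"]).overlaps(net(b["local_net"])):
        problems.append("local networks overlap, so routing between the sites is ambiguous")
    return problems

# Constructed sample definitions (documentation and RFC 1918 address ranges).
FORTIGATE = {"name": "FortiGate", "wan_ip": "203.0.113.10",
             "local_net": "192.168.10.0/24",
             "peer_gateway": "198.51.100.20", "remote_net": "192.168.20.0/24"}
SONICWALL_OK = {"name": "SonicWall", "wan_ip": "198.51.100.20",
                "local_net": "192.168.20.0/24",
                "peer_gateway": "203.0.113.10", "remote_net": "192.168.10.0/24"}
# Same unit with LAN and WAN values swapped into the wrong fields.
SONICWALL_MIXED_UP = dict(SONICWALL_OK, peer_gateway="192.168.10.1",
                          remote_net="203.0.113.0/28")

if __name__ == "__main__":
    print(to_cidr("192.168.123.1", "255.255.255.0"))
    for problem in check_tunnel(FORTIGATE, SONICWALL_MIXED_UP):
        print(problem)
```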
 

Expert Comment

by:Rob Williams
ID: 16903664
Thanks darkeryu,
--Rob
0


Question has a verified solution.
