fortigate 50a to server2008 vpn, how to

hi there

have a fortigate 50a, and have server 2008 in another location far from the fortigate.  the server 2008 is acting as a vpn server, certain users can authenticate and connect via vpn.

in xp, they just make a new connection, vpn, put in the server's outside ip address, domain\username and password, and can connect.  they can then access things by netbios, ip, etc.

NOW we want to be able to configure a fortigate 50a to connect itself to the server 2008 vpn server.  note that the fortigate is NOT intended to be SERVING vpn... but it should be a client of the server2008 machine.  when it connects to the vpn, we'd like LAN machines that are on the private side of the fortigate, to be able to talk to things on the private side of the server 2008 network.  this already works for XP clients who connect themselves, we just want to add the functionality of a site-to-site tunnel, using the 50a

please post steps rather than pasting links to the various PDF guides out there.  cite references if you want, but please please please don't just paste "look here [control-v]"
LVL 24
B HAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dpk_walCommented:
Fortigate 50a would act as VPN client; you can configure site-to-site VPN tunnel between fortigate and 2008 if you wish [foretigate would act as VPN endpoint in this case which as I read you do not wish].

Here's the VPN support of 50-100 series [complete document: http://www.fortinet.com/doc/FGT50_100DS.pdf]:
VIRTUAL PRIVATE NETWORK (VPN)
ICSA Labs Certified (IPSec & SSL)
PPTP, IPSec, and SSL
Dedicated Tunnels
DES, 3DES, and AES Encryption Support
SHA-1/MD5 Authentication
PPTP, L2TP, VPN Client Pass Through
Hub and Spoke VPN Support
IKE Certificate Authentication
IPSec NAT Traversal
Dead Peer Detection
RSA SecurID Support

Thank you.
0
dpk_walCommented:
Correction:
Read: Fortigate 50a would act as VPN client;
as: Fortigate 50a would NOT act as VPN client;

Sorry for the typo.
0
B HAuthor Commented:
i understand now...  

if i make the 2008 machine go out and connect to the fortigate, how does that affect local traffic of the server itself?  in my experience, whoever is the vpn client, the rest of the network gets blocked except for that vpn

can i do a site to site between two fortigates, a 50a and a 60a?
0
Make Network Traffic Fast and Furious with SD-WAN

Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!

dpk_walCommented:
I think with 2008 acting as site-to-site VPN tunnel endpoint access to other resources would be available.

Yes, you can create VPN tunnel between two fortigates, have a look at the guide below:
http://docs.fortinet.com/fgt/archives/3.0/techdocs/FortiGate_IPSec_VPN_User_Guide_01-30005-0065-20081015.pdf

Thank you.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
B HAuthor Commented:
what do you mean "look at this guide" there's 165 pages :)

0
B HAuthor Commented:
yes that is a good link - i guess there's no way to really get a hardware device to work vpn with 2008... i'll go device to device
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.