fortigate 50a to server2008 vpn, how to

hi there

have a fortigate 50a, and have server 2008 in another location far from the fortigate.  the server 2008 is acting as a vpn server, certain users can authenticate and connect via vpn.

in xp, they just make a new connection, vpn, put in the server's outside ip address, domain\username and password, and can connect.  they can then access things by netbios, ip, etc.

NOW we want to be able to configure a fortigate 50a to connect itself to the server 2008 vpn server.  note that the fortigate is NOT intended to be SERVING vpn... but it should be a client of the server2008 machine.  when it connects to the vpn, we'd like LAN machines that are on the private side of the fortigate, to be able to talk to things on the private side of the server 2008 network.  this already works for XP clients who connect themselves, we just want to add the functionality of a site-to-site tunnel, using the 50a

please post steps rather than pasting links to the various PDF guides out there.  cite references if you want, but please please please don't just paste "look here [control-v]"
B H Asked:
 
dpk_wal Commented:
I think with 2008 acting as a site-to-site VPN tunnel endpoint, access to other resources would be available.

Yes, you can create a VPN tunnel between two FortiGates; have a look at the guide below:
http://docs.fortinet.com/fgt/archives/3.0/techdocs/FortiGate_IPSec_VPN_User_Guide_01-30005-0065-20081015.pdf

Thank you.
 
dpk_wal Commented:
Fortigate 50a would act as VPN client; you can configure a site-to-site VPN tunnel between fortigate and 2008 if you wish [fortigate would act as VPN endpoint in this case, which as I read you do not wish].

Here's the VPN support of 50-100 series [complete document: http://www.fortinet.com/doc/FGT50_100DS.pdf]:
VIRTUAL PRIVATE NETWORK (VPN)
ICSA Labs Certified (IPSec & SSL)
PPTP, IPSec, and SSL
Dedicated Tunnels
DES, 3DES, and AES Encryption Support
SHA-1/MD5 Authentication
PPTP, L2TP, VPN Client Pass Through
Hub and Spoke VPN Support
IKE Certificate Authentication
IPSec NAT Traversal
Dead Peer Detection
RSA SecurID Support

Thank you.
 
dpk_wal Commented:
Correction:
Read: Fortigate 50a would act as VPN client;
as: Fortigate 50a would NOT act as VPN client;

Sorry for the typo.

 
B H (Author) Commented:
i understand now...  

if i make the 2008 machine go out and connect to the fortigate, how does that affect local traffic of the server itself?  in my experience, whoever is the vpn client, the rest of the network gets blocked except for that vpn

can i do a site to site between two fortigates, a 50a and a 60a?
 
B H (Author) Commented:
what do you mean "look at this guide" there's 165 pages :)

 
B H (Author) Commented:
yes that is a good link - i guess there's no way to really get a hardware device to work vpn with 2008... i'll go device to device
Question has a verified solution.
