Solved

Fortigate VPN Link

Posted on 2010-09-17
Last Modified: 2012-06-27
We have a fortigate 60 at our office which has an IPSEC VPN (INTERNAL to DATA CENTER) to our data center firewall, a Cisco ASA. We also have an IPSEC VPN so users can connect to the fortigate and access our INTERNAL network. Is it possible to easily allow users connected to the INTERNAL IPSEC VPN access to the DATA CENTER?
Question by:GCaron
Accepted Solution

by:
koudry earned 500 total points
ID: 33706929
I know nothing about fortigate 60, so what I am about to say is generic to VPN setup.

The answer to your question is yes, you can set up users so that they access your internal network resources via VPN using your fortigate 60 platform as the gateway.  Now, how you do that depends. But first of all, you need to set up your VPN server/concentrator to allow VPN connections from VPN clients.  This may involve setting up some kind of access control lists or policies where the networks of the clients are permitted.  You will need a manual for your VPN end point to find out how to set up VPN connections for remote access.

With the appropriate configurations on your VPN end point, all the users need is a VPN client of some sort.

- Cisco VPN client: a fat client software from Cisco installed on the client PC with the necessary settings, i.e. userid, password, VPN concentrator IP address (in this case it may be the fortigate 60 if that is where the VPN tunnel terminates), a token (one-time password) etc.

- Nortel VPN Client: this works the same way as the Cisco VPN client.

The above two solutions may be too expensive, so there are other methods. You may want to consider using the web browser as the VPN client; it depends on the sort of VPN solution you want.

You may want to see my post on a similar issue at http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23630764.html.  I have added the text below:

------------------------------------------------------

08/08/08 03:34 PM, ID: 22190234

VPN means that you need a secured private tunnel from your local PCs to a remote site. There are different types of VPN so you need to know which one meets your requirements.

(1) Intranet Site to Site VPN: if you want to connect different sites belonging to the same corporation for a LAN to LAN setup.

(2) Extranet Site to Site VPN: to join various suppliers, partners to the main corporation for a LAN to LAN setup.

(3) Remote VPN: suitable if you're a mobile worker, salesman or an employee connecting from home to the office site.

What do you need for a VPN connection?

(*) VPN concentrator / Gateway: this component terminates the VPN traffic

(*) Authentication component: used to validate your identity. This can be a RADIUS server. Quite often the person responsible for the VPN gateway is also responsible for the authentication server.

(*) VPN Client: a piece of software that allows you to connect to the VPN gateway, e.g. Cisco VPN Client, Nortel Contivity client, Remote Desktop client etc.  The client needs information such as the VPN gateway IP address, authentication group if a security token is used, with shared secret, username and password, to be able to connect to the remote gateway.

Where do you get the information from?

The information required to connect to the VPN gateway / concentrator should be provided by whoever administers the gateway.  For example, if you are connecting to your office from your home computer, then the office network admin responsible for VPN should provide you with all the information you need.

You need to find out from Road runner what the IP address they provided you with is for. This could be the IP address of the VPN gateway but that is not enough.
Beforehand, you need to be clear which type of VPN you need.

-------------------

Good luck