Solved

Fortigate VPN Link

Posted on 2010-09-17
Last Modified: 2012-06-27
We have a fortigate 60 at our office which has an IPSEC VPN (INTERNAL to DATA CENTER) to our data center firewall, a Cisco ASA. We also have an IPSEC VPN so users can connect to the fortigate and access our INTERNAL network. Is it possible to easily allow users connected to the INTERNAL IPSEC VPN access to the DATA CENTER?
Question by:GCaron
1 Comment
 

Accepted Solution

by:
koudry earned 500 total points
ID: 33706929
I know nothing about fortigate 60, so what I am about to say is generic to VPN setup.

The answer to your question is yes, you can set up users so that they access your internal network resources via VPN using your fortigate 60 platform as the gateway. Now, how you do that depends. But first of all, you need to set up your VPN server/concentrator to allow VPN connections from VPN clients. This may involve setting up some kind of access control lists or policies where the networks of the clients are permitted. You will need a manual for your VPN end point to find out how to set up VPN connections for remote access.

With the appropriate configurations on your VPN end point, all the users need is a VPN client of some sort.

- Cisco VPN client: a fat client software from Cisco installed on the client PC with the necessary settings, i.e. userid, password, VPN concentrator IP address (in this case it may be the fortigate 60 if that is where the VPN tunnel terminates), a token (one time password) etc.

- Nortel VPN Client: this works the same way as the Cisco VPN client.

The above two solutions may be too expensive so there are other methods. You may want to consider using the web browser as the VPN client; it depends on the sort of VPN solution you want.

You may want to see my post on a similar issue at http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_23630764.html.  I have added the text below:

------------------------------------------------------

08/08/08 03:34 PM, ID: 22190234

VPN means that you need a secured private tunnel from your local PCs to a remote site. There are different types of VPN so you need to know which one meets your requirements.

(1) Intranet Site to Site VPN: if you want to connect different sites belonging to the same corporation for a LAN to LAN setup.

(2) Extranet Site to Site VPN: to join various suppliers, partners to the main corporation for a LAN to LAN setup.

(3) Remote VPN: suitable if you're a mobile worker, salesman or an employee connecting from home to the office site.

What do you need for a VPN connection?

(*) VPN concentrator / Gateway: this component terminates the VPN traffic

(*) Authentication component: used to validate your identity. This can be a RADIUS server. Quite often the person responsible for the VPN gateway is also responsible for the authentication server.

(*) VPN Client: a piece of software that allows you to connect to the VPN gateway, e.g. Cisco VPN Client, Nortel Contivity client, Remote Desktop client etc. The client needs information such as the VPN gateway IP address, authentication group if a security token is used, with shared secret, username and password, to be able to connect to the remote gateway.

Where do you get the information from?

The information required to connect to the VPN gateway / concentrator should be provided by whoever administers the gateway.  For example, if you are connecting to your office from your home computer, then the office network admin responsible for VPN should provide you with all the information you need.

You need to find out from Road runner what the IP address they provided you with is for. This could be the IP address of the VPN gateway but that is not enough.
Beforehand, you need to be clear which type of VPN you need.

-------------------

Good luck