How To Establish VPN Tunnel between Cyberoam and Fortinet using Preshared key

Applicable to Version: 10.00 onwards



This article gives a detailed configuration example that shows how to configure a site-to-site
IPSec VPN tunnel between a Cyberoam and a Fortinet firewall, using a preshared key to authenticate
the VPN peers.

It is assumed that the reader has a working knowledge of Cyberoam and Fortinet appliance
configuration.

Throughout the article we use the hypothetical network and other parameters given below to
establish the connection.



This document has 2 sections:

Fortinet Configuration
Cyberoam Configuration

Fortinet Configuration

The entire configuration is to be done from the Web Admin Console. Access the Web Admin Console as a
user having the Administrator profile.
Step 1: Configure Phase 1 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 1 to create a new phase 1 tunnel
configuration as shown below.
Parameters               Value
Phase 1 Settings
Name                     Cyberoam
Remote Gateway           Static IP Address
IP Address               202.134.168.202
                         WAN IP/Public IP address of the Cyberoam
Local Interface          port2
                         Select the interface through which Cyberoam connects
                         to the Fortigate unit
Mode                     Main (default)
Authentication Method    Preshared Key
Pre-shared Key           As per your requirement
                         (Same as configured in the Cyberoam)
Advanced Configuration
P1 Proposal              1 - Encryption: 3DES, Authentication: MD5
DH Group                 2
Keylife                  28800
X-Auth                   Disable
Dead Peer Detection      Enable

Step 2: Configure Phase 2 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 2 to create a new phase 2 tunnel
configuration as shown below.
Parameters                              Value
Phase 2 Settings
Name                                    For Cyberoam
Phase 1                                 Cyberoam (Created in Step 1)
Advanced Configuration
P2 Proposal                             1 - Encryption: 3DES, Authentication: MD5
Enable replay detection                 Enable
Enable perfect forward secrecy (PFS)    Enable
DH Group                                2
Keylife                                 1800 seconds
Auto key Keep Alive                     Enable
Quick Mode Selector
Source address                          172.50.50.0/24
Destination address                     172.16.16.0/24



Step 3: Add firewall addresses

Create firewall addresses for the private networks at either end of the VPN.

Create address for Cyberoam subnet

Go to Firewall > Address and click New

Parameters         Value
Address Name       Cyberoamsubnet
Type               Subnet/IP Range
Subnet/IP Range    172.16.16.0/255.255.255.0
Interface          Any

Create address for Fortinet subnet
Go to Firewall > Address and click New

Parameters         Value
Address Name       Fortinetsubnet
Type               Subnet/IP Range
Subnet/IP Range    172.50.50.0/255.255.255.0
Interface          Any


Step 4: Configure Firewall policy

Parameters                    Value
Source Interface/Zone         port1
Source Address                Fortinetsubnet (as created in step 3)
Destination Interface/Zone    port2
Destination Address           Cyberoamsubnet (as created in step 3)
Action                        IPSEC
VPN Tunnel                    Cyberoam (as created in step 1)
Allow inbound                 Enable
Allow Outbound                Enable





Cyberoam Configuration

The entire configuration is to be done from the Web Admin Console. Access the Web Admin Console as a
user having the Administrator profile.

Step 1: Create IPSec connection

Go to VPN > IPSec > Connection and click on Add button to create Connection with the following
values:

Parameters               Value
General Settings
Name                     Fortinet
Connection Type          Site to Site
Policy                   Default Policy
Action on VPN Restart    Initiate
Authentication Details
Authentication Type      Preshared Key
Preshared Key            Specify the preshared key to be used.
                         This preshared key will have to be shared or communicated to the
                         peer at the remote end. At the remote end, client will have to
                         specify this key for authentication.
Confirm Preshared Key    Specify preshared key again for confirmation
Local Network Details
Local WAN Port           202.134.168.202
                         Select WAN port which acts as end-point to the tunnel
Local Subnet             172.16.16.0/24
                         Select Local LAN Address. Add and Remove LAN Address using
                         Add Button and Remove Button
Remote Network Details
Remote VPN Server        202.134.168.208
Remote Subnet            172.50.50.0/24

Note* - In a single connection, same subnet for LAN and Remote
network cannot be configured.


Click on OK and the IPSec Connection Fortinet will be added successfully.


Step 2: Activate Connection

Go to VPN > IPSec > Connection and click under Status against the Fortinet connection to
activate the connection.

under Status indicates that the connection is successfully activated.

Note

Please make sure that Firewall Rules allowing LAN to VPN and VPN to LAN traffic are in place in Cyberoam.
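
Added example (not part of the original article and not vendor code): a pre-deployment check that the two peer definitions above mirror each other (gateway addresses, local/remote subnets, the no-overlap note) and that reports the legacy algorithms in the proposals, since 3DES, MD5 and DH group 2 would be flagged in a review today. The dictionary field names are hypothetical, and it assumes 202.134.168.208 is the address on the Fortinet port2 interface.

```python
import ipaddress

# Values transcribed from this article's tables. The Cyberoam proposal is not
# listed on the page (it uses "Default Policy"), so it is left empty here.
FORTINET = {
    "name": "Fortinet",
    "wan_ip": "202.134.168.208",  # assumption: the address bound to port2
    "remote_gw": "202.134.168.202",
    "local_net": "172.50.50.0/24",
    "remote_net": "172.16.16.0/24",
    "proposals": {"phase1": ("3DES", "MD5", 2), "phase2": ("3DES", "MD5", 2)},
}
CYBEROAM = {
    "name": "Cyberoam",
    "wan_ip": "202.134.168.202",
    "remote_gw": "202.134.168.208",
    "local_net": "172.16.16.0/24",
    "remote_net": "172.50.50.0/24",
    "proposals": {},
}

# Legacy algorithms a reviewer would flag in an IPSec proposal today.
WEAK_ENC, WEAK_AUTH, WEAK_DH = {"DES", "3DES"}, {"MD5"}, {1, 2}


def check_tunnel(a, b):
    """Return findings for a pair of site-to-site peer definitions."""
    net = ipaddress.ip_network
    findings = []
    for x, y in ((a, b), (b, a)):
        if x["remote_gw"] != y["wan_ip"]:
            findings.append(f"{x['name']}: remote gateway is not {y['name']}'s WAN IP")
        if net(x["local_net"]) != net(y["remote_net"]):
            findings.append(f"{x['name']}: local subnet is not {y['name']}'s remote subnet")
        if net(x["local_net"]).overlaps(net(x["remote_net"])):
            findings.append(f"{x['name']}: local and remote subnets overlap")
        for phase, (enc, auth, dh) in sorted(x["proposals"].items()):
            if enc in WEAK_ENC:
                findings.append(f"{x['name']} {phase}: legacy encryption {enc}")
            if auth in WEAK_AUTH:
                findings.append(f"{x['name']} {phase}: legacy authentication {auth}")
            if dh in WEAK_DH:
                findings.append(f"{x['name']} {phase}: weak DH group {dh}")
    return findings


if __name__ == "__main__":
    for line in check_tunnel(FORTINET, CYBEROAM):
        print(line)
```

With the values from this article the peers mirror each other correctly, so the only findings are the six algorithm warnings for the Fortinet phase 1 and phase 2 proposals.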

Reference Documents

VPN Troubleshooting Guide
Document Version 1.1 01/09/2011

The corporate and individual names, data, images and other configuration and network parameters in this
document are for demonstration purposes only and do not reflect real data.
