Académique Documents
Professionnel Documents
Culture Documents
by Aggressive mode
Environment Introduction
Sangfor:
Static public IP, directly connect to internet.
Fortinet/FortiGate:
ADSL, directly connect to internet.
Customer want to side intranet visit each other via IPSec VPN
Configuration:
Fortinet:
Fortinet looks like no peer ID type can chose, it should be FQDN type, we try peer ID
www.sangfor.com
Encryption: sangfor support DES/3DES/AES-128
DH group: sangfor support 1/2/5
Local ID: we type this Fortinet DDNS benline.fortidyndns.com
Phase 2 PFS DH group must keep the same with phase 1
5. After we finish configure two side ,we can see the VPN tunnel status in IPSec Monitor.
6. If some configuration error, we can also check the log in VPN log.
2.Build VPN WANO interface. Notice Use static internet IP is the interface IP not the Gateway ip.
5. Configure Phase 2
6. After successfully configuration, we can see the tunnel in the IPSec VPN status.