Configuring an IPsec VPN for iOS devices

This recipe uses the IPsec VPN Wizard to provide a group of remote iOS users with
secure, encrypted access to the corporate network. The tunnel provides group members
with access to the internal network, but forces them through the FortiGate unit when
accessing the Internet.
This recipe was tested using an iPad 2 running iOS version 7.1.
1. Creating a user group for iOS users
2. Adding a firewall address for the local network
3. Configuring IPsec VPN using the IPsec VPN Wizard
4. Creating a security policy for access to the Internet
5. Configuring VPN on the iOS device
6. Results
[Network diagram: Remote User (iPad), Internet, IPsec, FortiGate with WAN 1 at 172.20.120.123, Internal Network with Local LAN 10.10.111.1-10.10.111.254]
1. Creating a user group for iOS users
Go to User & Device > User > User
Definition.
Create a new Local User with the
User Creation Wizard.
Proceed through each step of
the wizard, carefully entering the
appropriate information.
Go to User & Device > User > User
Groups.
Create a user group for iOS users and
add the user you created.
2. Adding a firewall address for the local network
Go to Policy & Objects > Objects >
Addresses.
Add a firewall address for the Local
LAN, including the subnet and local
interface.
3. Configuring the IPsec VPN using the IPsec VPN Wizard
Go to VPN > IPSec > Wizard.
Name the VPN connection and select
Dial Up - iOS (Native) and click
Next.
Set the Incoming Interface to the
internet-facing interface.
Select Pre-shared Key for the
Authentication Method.
Enter a pre-shared key and select the
iOS user group, then click Next.
The pre-shared key is a credential
for the VPN and should differ from
the user’s password.
Set Local Interface to an internal
interface (in the example, port 1) and
set Local Address to the local LAN
address.
Enter an IP range for VPN users in the
Client Address Range field.
The IP range you enter here
prompts FortiOS to create a new
firewall object for the VPN tunnel
using the name of your tunnel
followed by the _range suffix (in
this case, iOSvpn_Native_range).
In addition, FortiOS automatically
creates a security policy to allow
remote users to access the
internal network.
4. Creating a security policy for access to the Internet
Go to Policy & Objects > Policy >
IPv4.
Create a security policy allowing
remote iOS users to access the
Internet securely through the
FortiGate unit.
Set Incoming Interface to the tunnel
interface and set Source Address to
all.
Set Outgoing Interface to wan1
and Destination Address to all.
Set Service to all and ensure that
you enable NAT.
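The policy from this step expressed in the FortiOS CLI, as an added example that is not part of the original recipe. It assumes the VPN was named iOSvpn_Native in the wizard (inferred from the iOSvpn_Native_range object created in step 3), so the tunnel interface carries that name; the second policy is an alternative that limits the source to the wizard-created client range instead of all.

```fortios
# Added example, not from the original recipe.
# Assumption: the tunnel interface is named iOSvpn_Native (the wizard VPN name).

# Policy as described in step 4: tunnel -> wan1, any source, NAT enabled.
config firewall policy
    edit 0
        set name "iOS-VPN-to-Internet"
        set srcintf "iOSvpn_Native"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# Tighter alternative (use in place of the policy above, not alongside it):
# accept only addresses handed out from the Client Address Range, so nothing
# else arriving on the tunnel interface matches the Internet policy.
config firewall policy
    edit 0
        set name "iOS-VPN-to-Internet-scoped"
        set srcintf "iOSvpn_Native"
        set dstintf "wan1"
        set srcaddr "iOSvpn_Native_range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

The policy names are constructed for illustration; `set name` and `set logtraffic all` can be dropped if the firmware build does not accept them. Logging all sessions makes the traffic visible under Forward Traffic in step 6.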
5. Configuring VPN on the iOS device
On the iPad, go to Settings >
General > VPN and select Add VPN
Configuration.
Enter the VPN address, user account,
and password in their relevant fields.
Enter the pre-shared key in the
Secret field.
6. Results
On the FortiGate unit, go to VPN >
Monitor > IPsec Monitor and view
the status of the tunnel.
Users on the internal network will be
reachable from the iOS device.
Go to Log & Report > Traffic Log >
Forward Traffic to view the traffic.
Select an entry to view more
information.
Remote iOS users can also access
the Internet securely via the FortiGate
unit.
Go to Log & Report > Traffic Log >
Forward Traffic to view the traffic.
Select an entry to view more
information.
You can also view the status of the
tunnel on the iOS device itself.
On the device, go to Settings >
VPN > Status and view the status of
the connection.
Lastly, using a Ping tool, you can send
a ping packet from the iOS device
directly to an IP address on the LAN
behind the FortiGate unit to verify the
connection through the VPN tunnel.