Providing secure remote access to a network for an iOS device
This recipe uses the VPN Wizard to provide a group of remote iOS users with
secure, encrypted access to the corporate network. The example enables group
members to access the internal network and forces them through the FortiGate unit
when accessing the Internet. The example uses an iPad 2 running iOS 6.1.2 (menu
options may vary for different iOS versions and devices).
1. Creating a user group for iOS users
2. Adding addresses for the local LAN and remote users
3. Configuring IPsec VPN phases using the VPN Wizard
4. Creating security policies for access to the internal network and
the Internet
5. Configuring VPN on the iOS device
6. Results
[Network diagram: Remote User (iPad), IPsec, Internet, FortiGate WAN 1 (172.20.120.123), FortiGate Port 1 (192.168.1.99/24), Internal Network]
Creating a user group for iOS users
Go to User & Device > User > User
Definition.
Create a new user.
Go to User & Device > User > User
Groups.
Create a user group for iOS users and add
the user you created.
Adding addresses for the local LAN and remote users
Go to Firewall Objects > Address >
Addresses.
Add the address for the local network,
including the subnet and local interface.
Go to Firewall Objects > Address >
Addresses.
Add the address for the remote user,
including the IP range.
Configuring the IPsec VPN phases using the VPN Wizard
Go to VPN > IPSec > Auto Key (IKE).
Select Create VPN Wizard. Name the VPN
connection and select Dial Up - iPhone /
iPad Native IPsec Client. Click Next.
Enter your pre-shared key and select the iOS
user group, then click Next. Note that the
pre-shared key is a credential for the VPN
and should differ from the user’s password.
Select your Internet-facing interface for the
Local Outgoing Interface, and enter the IP
range from the address range you created.
The FortiGate Cookbook 5.0.5
Assigning an IP to the VPN interface (optional)
If you wish to control the IP address that will
be assigned to any traffic egressing over the
IPsec interface, you can assign an IP to the
interface.
Go to System > Network > Interfaces.
Expand your Internet-facing interface and
edit the VPN interface.
Assign the IP and Remote IP addresses.
These addresses should not be related to
the IPs used for the internal network or the
Internet-facing interface.
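The address rule above can be checked before the values are entered in the GUI. The following is an added example, not part of the cookbook: it flags VPN interface addresses that fall inside the LAN or WAN subnets and, as an extra check the recipe does not state, a remote-user range that overlaps either subnet. The /24 mask on WAN 1, the remote-user range and the VPN interface addresses are constructed sample values.

```python
import ipaddress

def range_to_networks(first, last):
    """Expand an inclusive IP range into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def check_plan(plan):
    """Return a list of conflicts; an empty list means the plan is clean."""
    lan = ipaddress.ip_interface(plan["lan_interface"]).network
    wan = ipaddress.ip_interface(plan["wan_interface"]).network
    subnets = (("LAN", lan), ("WAN", wan))
    problems = []
    # Remote-user range (step 2) must not overlap either local subnet.
    blocks = range_to_networks(*plan["remote_user_range"])
    for name, net in subnets:
        if any(block.overlaps(net) for block in blocks):
            problems.append(f"remote_user_range overlaps {name} {net}")
    # Optional VPN interface IP / Remote IP must be unrelated to both subnets.
    for key in ("vpn_if_ip", "vpn_if_remote_ip"):
        if plan.get(key) is None:
            continue  # optional step was skipped
        addr = ipaddress.ip_address(plan[key])
        for name, net in subnets:
            if addr in net:
                problems.append(f"{key} {addr} falls inside {name} {net}")
    return problems

# Port 1 and WAN 1 addresses are from the recipe's diagram; the WAN mask,
# the remote-user range and the VPN interface IPs are constructed samples.
GOOD_PLAN = {
    "lan_interface": "192.168.1.99/24",
    "wan_interface": "172.20.120.123/24",
    "remote_user_range": ("10.10.10.1", "10.10.10.50"),
    "vpn_if_ip": "10.10.20.1",
    "vpn_if_remote_ip": "10.10.20.2",
}
# Constructed bad plan: range carved out of the LAN, VPN IP on the WAN subnet.
BAD_PLAN = dict(GOOD_PLAN,
                remote_user_range=("192.168.1.200", "192.168.1.220"),
                vpn_if_ip="172.20.120.200")

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "no conflicts")
```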
Creating security policies for access to the internal network and the Internet
Go to Policy > Policy > Policy.
Create a security policy allowing remote iOS
users to access the internal network.
Go to Policy > Policy > Policy.
Create a security policy allowing remote iOS
users to access the Internet securely through
the FortiGate unit. Ensure that Enable NAT
is selected.
Configuring VPN on the iOS device
On the iPad, go to Settings > General >
VPN and select Add VPN Configuration.
Enter the VPN address, user account, and
password in their relevant fields. Enter the
pre-shared key in the Secret field.
In order to connect to the VPN tunnel, a
Group Name may be required. If you are
unable to connect, add this field to the
VPN client to determine if the blank field is
the cause.
Results
On the FortiGate unit, go to VPN >
Monitor > IPsec Monitor and view the
status of the tunnel.
Users on the internal network will be
reachable from the iOS device.
Go to Log & Report > Traffic Log >
Forward Traffic to view the traffic.
Select an entry to view more information.
Remote iOS users can also access the
Internet securely via the FortiGate unit.
Go to Log & Report > Traffic Log >
Forward Traffic to view the traffic.
Select an entry to view more information.
View the status of the tunnel on the iOS
device.
On the iPad, go to Settings > General >
VPN and view the Status of the connection.
Using a Ping tool, send a ping packet
directly to an IP address on the LAN behind
the FortiGate unit to verify the connection
through the VPN tunnel.