For more information, see Phase 1 parameters on page 1624. To authenticate FortiGate dialup clients and help to distinguish them from FortiClient dialup clients when multiple clients will be connecting to the VPN through the same tunnel, best practices dictate that you assign a unique identifier (local ID or peer ID) to each FortiGate dialup client. Several different ways to authenticate dialup clients and restrict access to private networks based on client credentials are available. As long as authentication is successful and the IPsec security policy associated with the tunnel permits access, the tunnel is established. In a dialup-client configuration, the FortiGate dialup server does not rely on a Phase 1 remote gateway address to establish an IPsec VPN connection with dialup clients. The FortiGate dialup client typically obtains a dynamic IP address from an ISP through the Dynamic Host Configuration Protocol (DHCP) or Point-to-Point Protocol over Ethernet (PPPoE) before initiating a connection to a FortiGate dialup server.Į xa m p l e FortiGate dialup-client configuration
Configure the server to accept FortiGate dialup-client connectionsĪ dialup client can be a FortiGate unit.FortiGate dialup-client configuration steps.
The following topics are included in this section: Configuration overview.In a FortiGate dialup-client configuration, a FortiGate unit with a static IP address acts as a dialup server and a FortiGate unit having a dynamic IP address initiates a VPN tunnel with the FortiGate dialup server. This section explains how to set up a FortiGate dialup-client IPsec VPN. Fo r ti G a t e dialup-client configurations
0 kommentar(er)
