Saludos
Mi objetivo: crear un tunel entre dos FG-60B, uno con IP fija y el otro con IP dinámica
Necesidades:
1. Conectar los equipos dentro del FG con ip dinámica a un servidor por TS dentro del FG con ip fija
2. Controlar los equipos dentro del FG con ip dinámica, desde un equipo dentro del FG con ip fija (tipo VNC)
Versión de Firmware: v4.0.2,build0099
¿Alguien sabe donde puedo obtener información para hacer todo esto?
Gracias
Tunel entre 2 FG-60 ip dinamica e ip fija
-
unknown2130
- Mensajes: 11
- Registrado: 03 Jul 2009, 16:56
Re: Tunel entre 2 FG-60 ip dinamica e ip fija
hola, bien, tendras que realizar una vpn entre ls dos fortigate.
lo demas lo manejas como si estuvieras maquinas localmente.
Aqui tienes toda la documentacion para armar una vpn en modo ruta o interface.
[Debes identificarte para poder ver enlaces.]
saludos
lo demas lo manejas como si estuvieras maquinas localmente.
Aqui tienes toda la documentacion para armar una vpn en modo ruta o interface.
[Debes identificarte para poder ver enlaces.]
saludos
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
NSE 5 - Network Security Analyst
-
unknown2130
- Mensajes: 11
- Registrado: 03 Jul 2009, 16:56
Re: Tunel entre 2 FG-60 ip dinamica e ip fija
Gracias por responder, se me presenta un error en el equipo con ip dinámica, anexo la configuración de lo que hice:
FG-60B IP Fija
VPN > IPSEC > Tunel_ps_bd
Phase1
Name: Tunel_ps_bd
Remote Gateway: Dialup User
Local Interface: wan1
Mode: Aggressive
Authentication Method: Preshared Key
Accept this peer ID: ps-bd
Phase2
Name:Tunel
Phase1: Tunel_ps_bd
Firewall > Policy
Source Interface/Zone: internal
Source Address: INTERNAL_LAN
Destination Interface/Zone: wan1
Destination Address: red_remota_dialup
Action: IPSEC
VPN Tunnel: Tunel_ps_bd
[X] Allow inbound
[X] Allow outbound
Firewall > Address
INTERNAL_LAN: 192.168.1.0/255.255.255.0 Interface: internal
red_remota_dialup: 192.168.2.0/255.255.255.0 Interface: wan1
Event Log:
information interface wan1 gets a DHCP lease, ip:201.120.---.---, mask:255.255.255.252, gateway:201.120.---.---, lease expires:Wed Oct 28 17:10:39 2009
negotiate Initiator: sent 187.142.---.--- xauth mode message #1 (OK)
negotiate Responder: parsed 187.142.---.--- aggressive mode message #2 (DONE)
negotiate Responder: sent 187.142.---.--- aggressive mode message #1 (OK)
delete_phase1_sa Deleted an ISAKMP SA on the tunnel to 187.142.---.---:500
FG-60B IP Dinámica
VPN > IPSEC > Tunel_ps_bd
Phase1
Name: Tunel_bd_ps
Remote Gateway: Static Ip Adress
IP Address: 201.120.---.---
Mode: Aggressive
Authentication Method: Preshared Key
Accept this peer ID: ps-bd
Phase2
Name:Tunel
Phase1: Tunel_bd_ps
Firewall > Policy
Source Interface/Zone: internal
Source Address: red_bd
Destination Interface/Zone: wan1
Destination Address: red_remota_interna
Action: IPSEC
VPN Tunnel: Tunel_bd_ps
[X] Allow inbound
[X] Allow outbound
Firewall > Address
red_bd: 192.168.2.0/255.255.255.0 Interface: internal
red_remota_interna: 192.168.1.0/255.255.255.0 Interface: wan1
Event Log:
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
notice negotiate Initiator: sent 201.120.---.--- aggressive mode message #2 (DONE)
notice negotiate Initiator: sent 201.120.---.--- aggressive mode message #1 (OK)
notice delete_phase1_sa Deleted an ISAKMP SA on the tunnel to 201.120.---.---:500
information interface wan1 gets a DHCP lease, ip:187.142.---.---, mask:255.255.255.252, gateway:187.142.---.---, lease expires:Wed Oct 28 17:13:32 2009
negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
FG-60B IP Fija
VPN > IPSEC > Tunel_ps_bd
Phase1
Name: Tunel_ps_bd
Remote Gateway: Dialup User
Local Interface: wan1
Mode: Aggressive
Authentication Method: Preshared Key
Accept this peer ID: ps-bd
Phase2
Name:Tunel
Phase1: Tunel_ps_bd
Firewall > Policy
Source Interface/Zone: internal
Source Address: INTERNAL_LAN
Destination Interface/Zone: wan1
Destination Address: red_remota_dialup
Action: IPSEC
VPN Tunnel: Tunel_ps_bd
[X] Allow inbound
[X] Allow outbound
Firewall > Address
INTERNAL_LAN: 192.168.1.0/255.255.255.0 Interface: internal
red_remota_dialup: 192.168.2.0/255.255.255.0 Interface: wan1
Event Log:
information interface wan1 gets a DHCP lease, ip:201.120.---.---, mask:255.255.255.252, gateway:201.120.---.---, lease expires:Wed Oct 28 17:10:39 2009
negotiate Initiator: sent 187.142.---.--- xauth mode message #1 (OK)
negotiate Responder: parsed 187.142.---.--- aggressive mode message #2 (DONE)
negotiate Responder: sent 187.142.---.--- aggressive mode message #1 (OK)
delete_phase1_sa Deleted an ISAKMP SA on the tunnel to 187.142.---.---:500
FG-60B IP Dinámica
VPN > IPSEC > Tunel_ps_bd
Phase1
Name: Tunel_bd_ps
Remote Gateway: Static Ip Adress
IP Address: 201.120.---.---
Mode: Aggressive
Authentication Method: Preshared Key
Accept this peer ID: ps-bd
Phase2
Name:Tunel
Phase1: Tunel_bd_ps
Firewall > Policy
Source Interface/Zone: internal
Source Address: red_bd
Destination Interface/Zone: wan1
Destination Address: red_remota_interna
Action: IPSEC
VPN Tunnel: Tunel_bd_ps
[X] Allow inbound
[X] Allow outbound
Firewall > Address
red_bd: 192.168.2.0/255.255.255.0 Interface: internal
red_remota_interna: 192.168.1.0/255.255.255.0 Interface: wan1
Event Log:
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
error negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
notice negotiate Initiator: sent 201.120.---.--- aggressive mode message #2 (DONE)
notice negotiate Initiator: sent 201.120.---.--- aggressive mode message #1 (OK)
notice delete_phase1_sa Deleted an ISAKMP SA on the tunnel to 201.120.---.---:500
information interface wan1 gets a DHCP lease, ip:187.142.---.---, mask:255.255.255.252, gateway:187.142.---.---, lease expires:Wed Oct 28 17:13:32 2009
negotiate Responder: parsed 201.120.---.--- xauth_client mode message #0 (ERROR)
Re: Tunel entre 2 FG-60 ip dinamica e ip fija
Hola, donde tenes armada la vpn dialup, no tenes tildado xauth , no ¿? si lo tenes sacalo
tenes armada alguna vpn para forticlient?
si tenes:
1- tiene que tener distinta presharedkey que la vpn del forticlient
2- colocale localid en los 2 extremos de vpn en los 2 fortigates.
saludos
gabriel
tenes armada alguna vpn para forticlient?
si tenes:
1- tiene que tener distinta presharedkey que la vpn del forticlient
2- colocale localid en los 2 extremos de vpn en los 2 fortigates.
saludos
gabriel
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
NSE 5 - Network Security Analyst