How To Establish VPN Tunnel between Cyberoam and Fortinet using Preshared key
Applicable to Version: 10.00 onwards
This article gives a detailed configuration example that demonstrates how to configure a site-to-site IPSec VPN tunnel between a Cyberoam and a Fortinet firewall, using a preshared key to authenticate the VPN peers.
It is assumed that the reader has a working knowledge of Cyberoam and Fortinet appliance configuration.
Throughout the article we use the hypothetical network and other parameters given below to establish the connection.
This document has 2 sections:
1. Fortinet Configuration
2. Cyberoam Configuration
Fortinet Configuration
The entire configuration is to be done from the Web Admin Console. Access the Web Admin Console as a user with the Administrator profile.
Step 1: Configure Phase 1 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 1 to create a new phase 1 tunnel configuration as shown below.

Phase 1 Settings
  Name: Cyberoam
  Remote Gateway: Static IP Address
  IP Address: 202.134.168.202 (WAN IP/Public IP address of the Cyberoam)
  Local Interface: port2 (Select the interface through which Cyberoam connects to the Fortigate unit)
  Mode: Main (default)
  Authentication Method: Preshared Key
  Pre-shared Key: As per your requirement (Same as configured in the Cyberoam)
Advanced Configuration
  P1 Proposal: 1 - Encryption: 3DES, Authentication: MD5
  DH Group: 2
  Keylife: 28800
  X-Auth: Disable
  Dead Peer Detection: Enable
Step 2: Configure Phase 2 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 2 to create a new phase 2 tunnel configuration as shown below.

Phase 2 Settings
  Name: For Cyberoam
  Phase 1: Cyberoam (Created in Step 1)
Advanced Configuration
  P2 Proposal: 1 - Encryption: 3DES, Authentication: MD5
  Enable replay detection: Enable
  Enable perfect forward secrecy (PFS): Enable
  DH Group: 2
  Keylife: 1800 seconds
  Auto key Keep Alive: Enable
Quick Mode Selector
Step 3: Create firewall addresses for the private networks at either end of the VPN.

Create address for Cyberoam subnet
Go to Firewall > Address and click New

  Address Name: Cyberoamsubnet
  Type: Subnet/IP Range
  Subnet/IP Range: 172.16.16.0/255.255.255.0
  Interface: Any
Create address for Fortinet subnet
Go to Firewall > Address and click New

  Address Name: Fortinetsubnet
  Type: Subnet/IP Range
  Subnet/IP Range: 172.50.50.0/255.255.255.0
  Interface: Any
Step 4: Configure Firewall policy

  Source Interface/Zone: port1
  Source Address: Fortinetsubnet (as created in step 3)
  Destination Interface/Zone: port2
  Destination Address: Cyberoamsubnet (as created in step 3)
  Action: IPSEC
  VPN Tunnel: Cyberoam (as created in step 1)
  Allow inbound: Enable
  Allow Outbound: Enable
Cyberoam Configuration
The entire configuration is to be done from the Web Admin Console. Access the Web Admin Console as a user with the Administrator profile.
Step 1: Create IPSec connection
Go to VPN > IPSec > Connection and click the Add button to create a connection with the following values:
General Settings
  Name: Fortinet
  Connection Type: Site to Site
  Policy: Default Policy
  Action on VPN Restart: Initiate
Authentication Details
  Authentication Type: Preshared Key
  Preshared Key: Specify the preshared key to be used. This preshared key will have to be shared or communicated to the peer at the remote end. At the remote end, the client will have to specify this key for authentication.
  Confirm Preshared Key: Specify the preshared key again for confirmation
Local Network Details
  Local WAN Port: 202.134.168.202 (Select the WAN port which acts as end-point to the tunnel)
  Local Subnet: 172.16.16.0/24 (Select the Local LAN Address. Add and remove LAN addresses using the Add and Remove buttons)
Remote Network Details
  Remote VPN Server: 202.134.168.208
  Remote Subnet: 172.50.50.0/24
Note: In a single connection, the same subnet cannot be configured for both the LAN and the remote network.
Click on OK and the IPSec Connection Fortinet will be added successfully.
Step 2: Activate Connection
Go to VPN > IPSec > Connection and click under Status against the Fortinet connection to activate the connection.
under Status indicates that the connection is successfully activated.
Note
Make sure that firewall rules allowing LAN to VPN and VPN to LAN traffic are in place in Cyberoam.
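A pre-flight check for the parameters configured above, as an added example that is not part of the original article or of either vendor's tooling: it confirms that each peer's remote gateway and subnets mirror the other's, applies the rule that local and remote subnets must differ, and lists the proposal values that current guidance treats as weak. The dictionary layout, the function names and the WEAK list are assumptions made for illustration.

```python
import ipaddress

# Values transcribed from the Fortinet and Cyberoam tables in this article.
# Fortinet's WAN address is taken from Cyberoam's "Remote VPN Server" field.
FORTINET = {
    "name": "Fortinet",
    "local_gw": "202.134.168.208", "remote_gw": "202.134.168.202",
    "local_subnet": "172.50.50.0/255.255.255.0",
    "remote_subnet": "172.16.16.0/255.255.255.0",
    "p1": {"enc": "3DES", "auth": "MD5", "dh": 2},
    "p2": {"enc": "3DES", "auth": "MD5", "dh": 2},
}
CYBEROAM = {
    "name": "Cyberoam",
    "local_gw": "202.134.168.202", "remote_gw": "202.134.168.208",
    "local_subnet": "172.16.16.0/24", "remote_subnet": "172.50.50.0/24",
}

# Assumption: legacy choices that current guidance treats as weak.
WEAK = {"enc": {"DES", "3DES"}, "auth": {"MD5"}, "dh": {1, 2, 5}}


def net(text):
    """Parse 'a.b.c.d/24' or 'a.b.c.d/255.255.255.0' into a network object."""
    return ipaddress.ip_network(text, strict=True)


def check_pair(a, b):
    """Return mismatches between two peers that would keep the tunnel down."""
    problems = []
    for x, y in ((a, b), (b, a)):
        if x["remote_gw"] != y["local_gw"]:
            problems.append(f"{x['name']} remote gateway is not {y['name']}'s WAN address")
        if net(x["remote_subnet"]) != net(y["local_subnet"]):
            problems.append(f"{x['name']} remote subnet is not {y['name']}'s local subnet")
        if net(x["local_subnet"]).overlaps(net(x["remote_subnet"])):
            problems.append(f"{x['name']} local and remote subnets overlap")
    return problems


def weak_proposals(peer):
    """List phase 1 / phase 2 proposal values that appear in WEAK."""
    return [f"{phase}.{key}={peer[phase][key]}"
            for phase in ("p1", "p2") if phase in peer
            for key in ("enc", "auth", "dh")
            if peer[phase][key] in WEAK[key]]


if __name__ == "__main__":
    print(check_pair(FORTINET, CYBEROAM) or "peers are consistent")
    print("weak proposal values:", weak_proposals(FORTINET))
```

The Cyberoam side uses "Default Policy", whose proposal values are not listed in this article, so only the Fortinet proposals are checked.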
Reference Documents
VPN Troubleshooting Guide
Document Version 1.1 - 01/09/2011
The corporate and individual names, data, images and other configuration and network parameters in this document are for demonstration purposes only and do not reflect real data.