Astaro to Fortinet IPsec VPN settings

Article Number: AKB001130 Page Status: Outdated

Astaro ASG v8 speaking IPSEC to Fortinet FG60B Astaro Settings:

Remote Gateway Settings: Gateway Type: Initiate Connection Gateway: WAN1 Address of FG 60B Authentication Type: Preshared Key Remote Networks: Entire network on Internal Interface of FG 60B Policies Settings: Policy Name: Fortigate IKE encryption algorithm: 3DES IKE authentication algorithm: MD5 IKE SA lifetime: 7800 IKE DH group: Group5: MODP 1536 Connections Settings: Remote Gateway: As defined above Local Interface: External (WAN1) Policy: Fortigate Local Networks: Internal

Fortigate 60B Settings:

VPN Auto Key (IKE) Phase 1: Remote Gateway: Static IP Address IP Address: WAN Interface of Astaro Local Interface: wan1 Mode: Main (ID protection) Authentication Method: Preshared Key Advanced VPN Auto Key (IKE) Phase 1:

Enable IPSec Interface Mode: Not checked P1 Proposal: 1 - Encryption: 3DES Authentication: SHA1 2 - Encryption: 3DES Authentication: MD5 DH Group: 5 Keylife: 7800 XAuth: Disabled NAT-traversal: Disabled Keepalive Frequency: 10 Dead Peer Detection: Enabled VPN Auto Key (IKE) Phase 2: Phase 1: As defined above Advanced VPN Auto Key (IKE) Phase 2: P2 Proposal: 1 - Encryption: 3DES Authentication: SHA1 2 - Encryption: 3DES Authentication: MD5 Enable replay detection: yes Enable perfect forward secrecy(PFS): yes DH Group: 5 Keylife: 7800 Quick Mode Selector: Source adress: Entire internal network on FG60B Source port: 0 Destination address: Entire internal network on Astaro Destination port: 0 Protocol: 0 Firewall Policy Settings: Internal => WAN1 Source Interface/Zone: Internal Source Address: All Destination Interface/Zone: WAN1 Destination Address: All Schedule: always Service: ANY Action: IPSEC VPN Tunnel: As defined above Allow inbound: yes

Allow outbound: yes Protection profile: as desired Traffic shaping: as desired