Below are example of: Astaro ASG v8 speaking IPSEC to Fortinet FG60B
Astaro Settings:
Remote Gateway Settings:
Gateway Type: Initiate Connection
Gateway: WAN1 Address of FG 60B
Authentication Type: Preshared Key
Remote Networks: Entire network on Internal Interface of FG 60B
Policies Settings:
Policy Name: Fortigate
IKE encryption algorithm: 3DES
IKE authentication algorithm: MD5
IKE SA lifetime: 7800
IKE DH group: Group5: MODP 1536
Connections Settings:
Remote Gateway: As defined above
Local Interface: External (WAN1)
Policy: Fortigate
Local Networks: Internal
Fortigate 60B Settings:
VPN Auto Key (IKE) Phase 1:
Remote Gateway: Static IP Address
IP Address: WAN Interface of Astaro
Local Interface: wan1
Mode: Main (ID protection)
Authentication Method: Preshared Key
Advanced VPN Auto Key (IKE) Phase 1:
Enable IPSec Interface Mode: Not checked
P1 Proposal:
1 – Encryption: 3DES Authentication: SHA1
2 – Encryption: 3DES Authentication: MD5
DH Group: 5
Keylife: 7800
XAuth: Disabled
NAT-traversal: Disabled
Keepalive Frequency: 10
Dead Peer Detection: Enabled
VPN Auto Key (IKE) Phase 2:
Phase 1: As defined above
Advanced VPN Auto Key (IKE) Phase 2:
P2 Proposal:
1 – Encryption: 3DES Authentication: SHA1
2 – Encryption: 3DES Authentication: MD5
Enable replay detection: yes
Enable perfect forward secrecy(PFS): yes
DH Group: 5
Keylife: 7800
Quick Mode Selector:
Source adress: Entire internal network on FG60B
Source port: 0
Destination address: Entire internal network on Astaro
Destination port: 0
Protocol: 0
Firewall Policy Settings:
Internal => WAN1
Source Interface/Zone: Internal
Source Address: All
Destination Interface/Zone: WAN1
Destination Address: All
Schedule: always
Service: ANY
Action: IPSEC
VPN Tunnel: As defined above
Allow inbound: yes
Allow outbound: yes
Protection profile: as desired
Traffic shaping: as desired