Fortinet FortiGate v3.0 MR7 User Manual

FortiOS v3.0 MR7 User Authentication User Guide

01-30007-0347-20080828

VPN authentication

Configuring authenticated access

4. Enter Starting IP and Ending IP addresses. This defines the range of addresses
   assigned to VPN clients.

5. Select the user group that is to have access to this VPN. The FortiGate unit
   authenticates members of this user group.

6. Select Apply.

To configure authentication for a PPTP VPN - CLI

config vpn pptp
    set eip <ending_ip>
    set sip <starting_ip>
    set status enable
    set usrgrp <user_group_name>
end

You also need to define a firewall policy that permits packets to pass from VPN
clients with addresses in the specified range to IP addresses that the VPN clients
need to access on the private network behind the FortiGate unit. The Action for
this firewall policy is ACCEPT, not ENCRYPT, because the allowed user group is
defined in the PPTP VPN configuration, not in the firewall policy.
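
A worked configuration for the PPTP settings and the accompanying firewall policy described above. This is an added example, not taken from the Fortinet manual; the addresses, the group name PPTP_users, the address names, policy ID 10 and the interface names external and internal are constructed assumptions to adapt to your unit.

```fortios
# Added example with constructed values (not from the Fortinet manual).
# Assumed: client range 192.168.50.10-192.168.50.50, user group "PPTP_users",
# interfaces "external" and "internal", private subnet 10.10.10.0/24.

# PPTP settings: the user group that may authenticate is defined here.
config vpn pptp
    set status enable
    set sip 192.168.50.10
    set eip 192.168.50.50
    set usrgrp "PPTP_users"
end

# Address objects: the source matches the PPTP client range exactly, and the
# destination covers only the subnet the VPN clients need to reach.
config firewall address
    edit "PPTP_clients"
        set type iprange
        set start-ip 192.168.50.10
        set end-ip 192.168.50.50
    next
    edit "Private_servers"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# Firewall policy: action is accept, because authentication is handled by
# the PPTP configuration above and not by the policy.
config firewall policy
    edit 10
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "PPTP_clients"
        set dstaddr "Private_servers"
        set action accept
        set schedule "always"
        # "ANY" can be replaced by the specific services the clients need.
        set service "ANY"
    next
end
```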

For detailed information about configuring PPTP, see the FortiGate PPTP VPN User Guide.

Configuring authentication of L2TP VPN users/user groups

Authentication of a FortiGate L2TP configuration must be done using the
config vpn l2tp CLI command.

To configure authentication for an L2TP VPN - CLI

config vpn l2tp
    set eip <ending_ip>
    set sip <starting_ip>
    set status enable
    set usrgrp <user_group_name>
end

For more information, see the FortiGate CLI Reference.

Configuring authentication of remote IPSec VPN users

An IPSec VPN on a FortiGate unit can authenticate remote users through a dialup
group. The user account name is the peer ID and the password is the pre-shared
key. For information about authentication using peer IDs and peer groups, see the
FortiGate IPSec VPN User Guide.

Authentication through user groups is supported for groups containing only local
users. To authenticate users using a RADIUS or LDAP server, you must configure
XAUTH settings. See “Configuring XAuth authentication” on page 58.

To configure user group authentication for dialup IPSec - web-based manager

1. Configure the dialup users who are permitted to use this VPN. Create a user
   group with Type: Firewall and add them to it.

   For more information, see “Users/peers and user groups” on page 33.