
Establish VPN Tunnel between Cyberoam and Fortinet using Preshared key

Applicable to Version: 9.4.0 build 2 onwards

This article describes a detailed configuration example that demonstrates how to configure a site-to-site IPSec VPN tunnel between a Cyberoam and a Fortinet firewall using a Preshared Key to authenticate the VPN peers. It is assumed that the reader has a working knowledge of Cyberoam and Fortinet appliance configuration. Throughout the article we will consider the hypothetical network and other parameters given below to establish the connection.

Fortinet Configuration
Step 1. Configure Phase 1 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 1 to create a new phase 1 tunnel configuration as shown below.

Name: Cyberoam
Remote Gateway: Static IP Address
IP Address: 202.134.168.202 (Public IP address of the Cyberoam)
Local Interface: wan1 (Select the interface through which Cyberoam connects to the Fortigate unit)
Mode: Main (default)
Authentication Method: Preshared Key
Pre-shared Key: As per your requirement (same as configured in the Cyberoam)

Under Advanced:
P1 Proposal: 1 - Encryption: 3DES, Authentication: MD5
DH Group: 2
Keylife: 28800
X-Auth: Disable
Nat-traversal: Enable
Keepalive Frequency: 10
Dead Peer Detection: Enable

Step 2. Configure Phase 2 parameters
Go to VPN > IPSec > Auto-Key and click Create Phase 2 to create a new phase 2 tunnel configuration as shown below.

Name: For Cyberoam
Phase 1: Cyberoam (created in step 1)

Under Advanced:
P2 Proposal: 1 - Encryption: 3DES, Authentication: MD5
Enable replay detection: Enable
Enable perfect forward secrecy: Enable
DH Group: 2
Keylife: 1800 seconds
Auto key Keep Alive: Enable

Under Quick Mode Selector:
Source address: 172.50.50.0/24
Destination address: 172.16.16.0/24

Step 3. Add firewall addresses
Create firewall addresses for the private networks at either end of the VPN.

Create address for Cyberoam subnet
Go to Firewall > Address and click New.
Address Name: Cyberoamsubnet
Type: Subnet/IP Range
Subnet/IP Range: 172.16.16.0/255.255.255.0
Interface: wan1

Create address for Fortinet subnet
Go to Firewall > Address and click New.
Address Name: FortinetSubnet
Type: Subnet/IP Range
Subnet/IP Range: 172.50.50.0/255.255.255.0
Interface: internal

Step 4. Configure Firewall policy
Source Interface/Zone: internal
Source Address: FortinetSubnet (as created in step 3)
Destination Interface/Zone: wan1
Destination Address: Cyberoamsubnet (as created in step 3)
Action: IPSEC
VPN Tunnel: Cyberoam (as created in step 1)
Allow inbound: Enable
Allow Outbound: Enable

Cyberoam Configuration
Log on to Cyberoam Web Admin Console and perform the following steps:

Step 5: Create IPSec connection
Go to VPN > IPSec Connection > Create Connection and create connection with the following values:

Connection name: Fortinet
Policy: Default
Action on restart: As per your requirement
Mode: Tunnel
Connection Type: Net to Net
Authentication Type: Preshared Key
Preshared Key: As per your requirement
Local server IP address (WAN IP address): 202.134.168.202
Local Internal Network: 172.16.16.0/24
Remote server IP address (WAN IP address): 202.134.168.208
Remote Internal Network: 172.50.50.0/24

Step 6: Activate and Establish Connection
Go to VPN > IPSec Connection > Manage Connection and click against the connection.
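
The gateway address and the Phase 2 selectors entered on one appliance have to mirror what is entered on the other, and the Fortinet firewall addresses have to describe the same subnets as the Quick Mode selectors. The following Python check is an added example, not part of the original article or either vendor's tooling; it compares the values from steps 1 to 5 and lists the proposal settings (3DES, MD5, DH group 2) that fall into legacy categories. The dictionary layout, key names and the legacy sets are assumptions made for this example.

```python
import ipaddress

# Values transcribed from the article (Fortinet steps 1-3, Cyberoam step 5).
# The dictionary layout and key names are assumptions made for this example.
FORTINET = {
    "remote_gateway": "202.134.168.202",
    "p1": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2},
    "p2": {"encryption": "3DES", "authentication": "MD5", "dh_group": 2},
    "qm_source": "172.50.50.0/24",
    "qm_destination": "172.16.16.0/24",
    "addr_local": "172.50.50.0/255.255.255.0",   # FortinetSubnet
    "addr_remote": "172.16.16.0/255.255.255.0",  # Cyberoamsubnet
}
CYBEROAM = {
    "local_server": "202.134.168.202",
    "local_network": "172.16.16.0/24",
    "remote_network": "172.50.50.0/24",
}
# This example's own list of legacy choices, not a vendor setting.
LEGACY_ALGS, LEGACY_DH = {"DES", "3DES", "MD5"}, {1, 2, 5}

def net(value):
    """Parse CIDR or dotted-netmask notation; raise if host bits are set."""
    return ipaddress.ip_network(value.replace(" ", ""), strict=True)

def mirror_problems(fgt, cr):
    """Name every gateway/selector value that is not mirrored on the peer."""
    checks = [
        ("remote gateway", net(fgt["remote_gateway"]), net(cr["local_server"])),
        ("quick mode source", net(fgt["qm_source"]), net(cr["remote_network"])),
        ("quick mode destination", net(fgt["qm_destination"]), net(cr["local_network"])),
        ("FortinetSubnet address", net(fgt["addr_local"]), net(fgt["qm_source"])),
        ("Cyberoamsubnet address", net(fgt["addr_remote"]), net(fgt["qm_destination"])),
    ]
    return [name for name, ours, theirs in checks if ours != theirs]

def legacy_findings(fgt):
    """List Phase 1/2 proposal values found in the legacy sets above."""
    out = []
    for phase in ("p1", "p2"):
        for key, legacy in (("encryption", LEGACY_ALGS),
                            ("authentication", LEGACY_ALGS),
                            ("dh_group", LEGACY_DH)):
            if fgt[phase][key] in legacy:
                out.append(f"{phase} {key}={fgt[phase][key]}")
    return out

if __name__ == "__main__":
    print(mirror_problems(FORTINET, CYBEROAM) or "peers mirror each other")
    print(legacy_findings(FORTINET))
```

The Cyberoam side uses the "Default" policy, whose proposal values the article does not list, so only the Fortinet proposals are audited here.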
