In this recipe, you will learn how to create an IPsec VPN on a FortiGate, and connect to it using a Windows Phone 10.
Using the IPsec Wizard, you will create an IPsec VPN tunnel that allows users of Windows devices to securely access an internal network, as well as browse the Internet through the VPN tunnel. You will then add a VPN connection using valid user credentials on a Windows Phone 10, and connect to the IPsec VPN.
This recipe assumes that a user called “dprince” and a user group called “WinPhone_Users” have already been created. Access to the VPN is controlled by a pre-shared key, and requires users to supply a user name and password.
A Windows Phone 10 Lumia 930 running build 10581 was used for this configuration.
1. Configuring the IPsec VPN using the IPsec VPN Wizard
Go to VPN > IPSec Wizard, and you will be taken to the VPN Creation Wizard.
Name the VPN connection (in the example, WinPhoneVPN).
Select the Remote Access template, select the Windows Native device type, and select Next.
Set the Incoming Interface to the internet-facing interface (wan1).
Select the Pre-shared Key authentication method and enter a pre-shared key.
Select the user group created earlier and select Next.
Set Local Interface to the internal interface and set Local Address to all.
Enter an IP address range for VPN users in the Client Address Range field, enter a Subnet Mask, and select Create.
Make sure no other interfaces on the FortiGate are using the same address range.
The IPsec VPN Wizard finishes with a summary of created objects.
Go to Policy & Objects > Policy > IPv4 and confirm that the wizard has created two policies: one policy for remote users to access the VPN, and one policy that has Service set to L2TP.
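The address-range check from step 1 (no other FortiGate interface may use the Client Address Range) can be done offline before you select Create. This is an added example, not part of the original recipe or any Fortinet tool; `range_overlaps` is a hypothetical helper and the interface names and subnets are constructed sample values.

```python
import ipaddress


def range_overlaps(client_start, client_end, interface_subnets):
    """Return the names of interfaces whose subnet overlaps the VPN client range."""
    start = ipaddress.ip_address(client_start)
    end = ipaddress.ip_address(client_end)
    if int(end) < int(start):
        raise ValueError("client range end is below its start")
    # Express the start-end range as the minimal list of CIDR blocks.
    blocks = list(ipaddress.summarize_address_range(start, end))
    conflicts = []
    for name, cidr in interface_subnets.items():
        # strict=False accepts an interface address such as 192.168.1.99/24
        # and reduces it to the network it belongs to.
        net = ipaddress.ip_network(cidr, strict=False)
        if any(net.overlaps(block) for block in blocks):
            conflicts.append(name)
    return sorted(conflicts)


# Constructed sample data: interface name -> address/mask as configured.
INTERFACES = {
    "wan1": "203.0.113.10/24",
    "internal": "192.168.1.99/24",
    "dmz": "10.10.10.1/24",
}

if __name__ == "__main__":
    candidates = [
        ("10.10.10.50", "10.10.10.100"),   # collides with dmz
        ("10.10.100.1", "10.10.100.50"),   # free
    ]
    for start, end in candidates:
        hits = range_overlaps(start, end, INTERFACES)
        print(f"{start}-{end}: {', '.join(hits) if hits else 'no overlap'}")
```
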
2. Connecting to the IPsec VPN from the Windows Phone 10
On the Windows Phone 10, go to Settings > Network & wireless > VPN and select Add a VPN connection.
Enter a Connection name and set Server name or address to the IP address of the FortiGate’s Internet-facing interface.
Set VPN type to Automatic and enter the pre-shared key — this key is the same one you added to the FortiGate.
Select Save.
3. Results
You will now connect to the IPsec VPN tunnel. From the VPN screen, select TheOffice.
Sign in and connect using dprince’s credentials.
You should now be connected to the IPsec VPN.
To verify the connection, on the FortiGate, go to Log & Report > VPN Events.
You may also verify the user’s connection by going to FortiView > VPN.
The post IPsec VPN for Windows Phone 10 appeared first on Fortinet Cookbook.