In this recipe, you will learn how to create an IPsec VPN on a FortiGate, and securely connect to an internal network using a Windows Phone 10.
Using the IPsec Wizard, you will create an IPsec VPN tunnel that allows users of Windows devices to securely access an internal network. You will then add a VPN connection using valid user credentials on a Windows Phone 10, and connect to the IPsec VPN.
This recipe assumes that a user (dprince) and a user group (WinPhone_Users) have already been created. Access to the VPN is controlled by a pre-shared key, and requires users to supply a user name and password.
A Windows Phone 10 Lumia 930 running build 10581 was used for this configuration.
1. Configuring the IPsec VPN using the IPsec VPN Wizard
Go to VPN > IPsec Wizard.
Name the VPN connection (WinPhoneVPN).
Select the Remote Access template, select the Windows Native device type, and select Next.
Set the Incoming Interface to the Internet-facing interface (wan1).
Select the Pre-shared Key authentication method and enter a pre-shared key.
Select the user group created earlier and select Next.
Set Local Interface to the internal interface and set Local Address to all.
Enter an IP address range for VPN users in the Client Address Range field, enter a Subnet Mask, and select Create.
Make sure no other interfaces on the FortiGate are using the same address range.
A summary page shows the wizard’s configuration.
Go to Policy & Objects > IPv4 Policy and confirm that the wizard has created two policies: one policy for remote users to access the VPN, and one policy that has Service set to L2TP.
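The wizard step above warns that no other FortiGate interface may use the Client Address Range. The following added example (not part of the original recipe) checks a candidate range against a list of interface addresses before you enter it; the interface addresses and ranges are constructed sample values, and `dmz` is a hypothetical interface name.

```python
import ipaddress


def client_range_conflicts(first, last, interfaces):
    """Return {interface: [overlapping CIDR blocks]} for a first-last client range."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if start.version != end.version or start > end:
        raise ValueError(f"invalid client range {first}-{last}")
    # Express the range as the smallest set of CIDR blocks that covers it exactly.
    blocks = list(ipaddress.summarize_address_range(start, end))
    conflicts = {}
    for name, addr in interfaces.items():
        # strict=False accepts an interface address with host bits set (x.x.x.99/24).
        subnet = ipaddress.ip_network(addr, strict=False)
        if subnet.version != start.version:
            continue
        hits = [str(block) for block in blocks if block.overlaps(subnet)]
        if hits:
            conflicts[name] = hits
    return conflicts


# Constructed sample data: interface name -> address/mask as configured on it.
SAMPLE_INTERFACES = {
    "wan1": "203.0.113.10/24",
    "internal": "192.168.1.99/24",
    "dmz": "10.10.10.1/24",  # hypothetical third interface
}

if __name__ == "__main__":
    candidates = [("10.10.10.200", "10.10.11.10"), ("172.16.50.10", "172.16.50.50")]
    for first, last in candidates:
        found = client_range_conflicts(first, last, SAMPLE_INTERFACES)
        status = f"conflicts with {found}" if found else "no overlap"
        print(f"{first}-{last}: {status}")
```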
2. Connecting to the IPsec VPN from the Windows Phone 10
On the Windows Phone 10, go to Settings > Network & wireless > VPN and select Add a VPN connection.
Enter a Connection name and set the Server name or address to the FortiGate’s Internet-facing interface.
Set VPN type to Automatic and enter the pre-shared key — this key is the same one you added to the FortiGate.
Select Save.
3. Results
You will now connect to the IPsec VPN tunnel. From the VPN screen, select TheOffice.
Sign in and connect using dprince's credentials.
You should now be connected to the IPsec VPN.
To verify the connection, on the FortiGate, go to Log & Report > VPN Events.
You may also verify the user’s connection by going to FortiView > VPN.