FortiOS 5.2 VPN: IPsec VPN for iOS devices

Source: Internet
Author: User

This recipe uses the IPsec VPN Wizard to provide a group of remote iOS users with secure, encrypted access to the corporate network. The tunnel provides group members with access to the internal network, but forces them through the FortiGate unit when accessing the Internet.

1. Creating a user group for iOS users

Go to User & Device > User > User Definition.

Create a new user.

Go to User & Device > User > User Groups.

Create a user group for iOS users and add the user you created.

2. Adding a firewall address for the local network

Go to Policy & Objects > Objects > Addresses.

Add a firewall address for the Local LAN, including the subnet and local interface.

3. Configuring the IPsec VPN using the IPsec VPN Wizard

Go to VPN > IPsec > Wizard.

Name the VPN connection, select Dial Up – iOS (Native), and click Next.

Set the Incoming Interface to the internet-facing interface.

Select Pre-shared Key for the Authentication Method.

Enter a pre-shared key and select the iOS user group, then click Next.

Set Local Interface to an internal interface (in the example, port 1) and set Local Address to the iOS users address.

Enter an IP range for VPN users in the Client Address Range field.

4. Creating a security policy for access to the Internet

Go to Policy & Objects > Policy > IPv4.

Create a security policy allowing remote iOS users to access the Internet securely through the FortiGate unit.

Set Incoming Interface to the tunnel interface and set Source Address to all.

Set Outgoing Interface to wan1 and Destination Address to all.

Set Service to all and ensure that you enable NAT.
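
One way to check the step 4 policy from a configuration backup, as an added example that is not part of the original recipe or Fortinet's own code: it parses the "config firewall policy" block and reports tunnel-to-wan1 policies that lack NAT, or whose source address is "all" rather than an address object for the client range from step 3. The tunnel name "ios_vpn", the address object "ios_vpn_range" and the sample backup are constructed, and each setting is assumed to sit on one line.

```python
import shlex

# Constructed sample in FortiOS backup syntax; "ios_vpn" and "ios_vpn_range" are assumed names.
SAMPLE_CONFIG = '''config firewall policy
    edit 1
        set srcintf "ios_vpn"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set nat enable
    next
    edit 2
        set srcintf "ios_vpn"
        set dstintf "wan1"
        set srcaddr "ios_vpn_range"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
end'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for the firewall policy block."""
    policies, current, in_block = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # strips the quotes around object names
        if tok[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif in_block and tok[:1] == ["edit"] and len(tok) == 2:
            current = policies.setdefault(int(tok[1]), {})
        elif in_block and current is not None and tok[:1] == ["set"] and len(tok) > 2:
            current[tok[1]] = tok[2:]
        elif tok == ["next"]:
            current = None
        elif tok == ["end"] and current is None:
            in_block = False  # left the policy block; ignore later "edit" lines
    return policies

def review(policies, tunnel, wan="wan1"):
    """Check tunnel-to-WAN policies against step 4; return (id, finding) pairs."""
    findings = []
    for pid, p in sorted(policies.items()):
        if tunnel in p.get("srcintf", []) and wan in p.get("dstintf", []):
            checks = {"nat-disabled": p.get("nat") != ["enable"],
                      "srcaddr-all": "all" in p.get("srcaddr", [])}
            findings += [(pid, name) for name, hit in checks.items() if hit]
    return findings
```

Calling review(parse_policies(SAMPLE_CONFIG), "ios_vpn") on the constructed sample reports policy 1 for its "all" source address and policy 2 for missing NAT.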

5. Configuring VPN on the iOS device

On the iPad, go to Settings > General > VPN and select Add VPN Configuration.

Enter the VPN address, user account, and password in their relevant fields. Enter the pre-shared key in the Secret field.

6. Results

On the FortiGate unit, go to VPN > Monitor > IPsec Monitor and view the status of the tunnel.

Users on the internal network will be accessible from the iOS device.

Go to Log & Report > Traffic Log > Forward Traffic to view the traffic.

Select an entry to view more information.

Remote iOS users can also access the Internet securely via the FortiGate unit.

Go to Log & Report > Traffic Log > Forward Traffic to view the traffic.

Select an entry to view more information.

You can also view the status of the tunnel on the iOS device itself.

On the device, go to Settings > VPN > Status and view the status of the connection.

Lastly, using a Ping tool, you can send a ping packet from the iOS device directly to an IP address on the LAN behind the FortiGate unit to verify the connection through the VPN tunnel.
