Description
This article describes how to set up a dial-up IPsec VPN with FortiToken, including the token activation process.
Scope
FortiToken.
Solution
- Create a user definition with at least 6 characters.
- Go to System -> Config -> Advanced and, under Email Service, enter an email address and an SMTP server, which could be smtp.fortinet.com.
- Enable authentication next to the SMTP user: enter the email address and the password, then apply.
- Go back to the user that was created and enable Email Address and SMS.
- Select the country and the phone number.
- Enable two-factor authentication.
- Select the Token and add the group.
- Select Send Activation Code: a code is sent to the phone or email.
- Use this code to activate FortiToken Mobile after installation.
- Add the user to the user group.
- Install FortiToken Mobile on the phone, then use a random username (such as test) with the activation code received via email or SMS.
- This links FortiToken Mobile to the FortiGate.
- It may take a few minutes for the token to be assigned to the user.
- Otherwise, it shows as pending.
- Go to the FortiToken and make sure it shows as assigned and not pending.
- The mobile generates a code that gives enough time to complete the following process, a maximum of 1 minute.
- Enter the credentials on the phone within 1 minute.
- Before that, enter the server IP; the account will be the user created, and the password will be the user password followed, with no space, by the token-generated key. For example, if the user password is 123456 and the generated code is 45324, enter 12345645324, which will be considered the password.
- Enter the group name and the pre-shared key from the phase 1 VPN. Once the VPN is turned on, enter 12345645324, which includes the user password and the generated token code.
- The setting on the phone can be done first.
- Enter the password with the token key so as not to run out of time with the token code. Remember that the FortiToken has to show as assigned and not pending.
- Add this group to the phase 1 VPN as well.