Description
This article describes Dial up Ipsec VPN with FortiToken and activation process.
Scope
Follow these steps:
1) Create a user definition with at least 6 characters.
2) Go to System -> Config -> Advance and under email service enter an email and smtp server which could be : smtp.fortinet.com.
-Enable authentication in front of the smtp user: enter the email address, the password and then apply.
3) Go back to the user which has been created and enable email address and sms.
-Select the country and the phone number.
-Enable two factor authentications.
-Select the Token and add the group.
-Click on send activation code: a code is sent on the phone or email.
-Use this code for activating the mobile FortiToken after installation.
5) Add the user in the user group.
-Install the FortiToken mobile on the phone and then use a random user name(test) with the activation code recieved via email or sms.
-This link the FortiToken mobile to the FortiGate .
-This may take a few minutes for the token to be assigned with the user.
-Otherwise, thus shows as pending.
-Go to the FortiToken and make sure this is showing as assigned and not pending.
6) The mobile generates a code which gives enough time to do the following process, maximum 1 minute.
7) Enter the credential on the phone within 1 minute.
-Before that enter: server ip/account will be the user created and password will be the user password with no space and Token generated key: for example if the user password is 123456 and the generated code is 45324, enter 12345645324
which will be consider as password.
-Enter the group name and the pre-shared key from the phase 1 vpn.once turnt on the vpn, enter 12345645324 which includes the user password and the generated Token code.
-The setting on the phone can be done first.
-Enter the password with the token key in order to not run out of time with the token code.
Remember the FortiToken has to show assigned and not pending.
8) Add this group to the phase 1 vpn as well.
