Fortinet FortiGate 4000 Switch User Manual


 
258 Fortinet Inc.
Monitoring and Troubleshooting VPNs IPSec VPN
Viewing dialup VPN connection status
You can use the dialup monitor to view the status of dialup VPNs. The dialup monitor
lists the remote gateways and the active VPN tunnels for each gateway. The monitor
also lists the tunnel lifetime, timeout, proxy ID source, and proxy ID destination for
each tunnel.
To view dialup connection status
1 Go to VPN > IPSec > Dialup Monitor.
2 View the dialup connection status information for the FortiGate unit:
Figure 76: Dialup Monitor
Testing a VPN
To confirm that a VPN between two networks has been configured correctly, use the
ping command from one internal network to connect to a computer on the other
internal network. The IPSec VPN tunnel starts automatically when the first data packet
destined for the VPN is intercepted by the FortiGate unit.
To confirm that a VPN between a network and one or more clients has been
configured correctly, start a VPN client and use the ping command to connect to a
computer on the internal network. The VPN tunnel initializes automatically when the
client makes a connection attempt. You can start the tunnel and test it at the same
time by pinging from the client to an address on the internal network.
Remote gateway The IP address of the remote dialup remote gateway on the FortiGate unit.
Lifetime The amount of time that the dialup VPN connection has been active.
Timeout The time before the next key exchange. The time is calculated by
subtracting the time elapsed since the last key exchange from the keylife.
Proxy ID Source The actual IP address or subnet address of the remote peer.
Proxy ID
Destination
The actual IP address or subnet address of the local peer.