IPsec VPN for iOS 9

In this recipe, you will use the FortiGate IPsec VPN Wizard to set up an IPsec VPN between a FortiGate and a device running iOS 9. This configuration allows iPhone users to securely connect to an internal network.

The IPsec VPN is a pre-shared key configuration that also requires users to authenticate with their own credentials to be able to connect to the VPN.

This recipe assumes that a user (dbuchanan) and a user group (iphone-users) have already been created on the FortiGate.

An Apple iPhone SE running iOS 9.3.5 was used for this configuration.

Watch the video

1. Configuring the IPsec VPN using the IPsec VPN Wizard

On the FortiGate, go to VPN > IPsec Wizard.

Name the VPN connection (iPhoneVPN).

Select the Remote Access template, select the iOS Native device type, and select Next.

Set the Incoming Interface to the Internet-facing interface (wan1).

Select the Pre-shared Key authentication method and enter a pre-shared key.

Select the iphone-users user group and select Next.

Set Local Interface to the internal interface and set Local Address to all.

Enter an IP address range for VPN users in the Client Address Range field, enter a Subnet Mask, and select Create.

Make sure no other interfaces on the FortiGate are using the same address range.

A summary page shows the wizard’s configuration, including a remote-to-local access security policy.

2. Connecting to the IPsec VPN from iPhone

On the iPhone, go to Settings > General > VPN and select Add VPN Configuration.

Set Type to IPsec and enter a Description (required).

Set Server to the FortiGate’s Internet-facing interface, and enter the user’s name in Account.

Enter the user’s password, the pre-shared IPsec VPN secret, and select Done.

 

Make sure the IPsec VPN configuration is highlighted (indicated by the  icon), and select the button next to Not Connected.

The IPsec VPN will connect with the user’s credentials and secret. The status will change to Connected, and a VPN icon will appear at the top of the screen.

3. Results

To verify the connection, on the FortiGate, go to Log & Report > VPN Events. The user has been assigned an IP from the client address range.
You may also verify the user’s connection by going to FortiView > VPN.
Adam Bristow

Adam Bristow

Technical Writer at Fortinet
Adam Bristow is a Technical Writer working for the FortiOS technical documentation team. He has a Honours Bachelor of Arts in English and Minor in Film Studies and a graduate certificate in Technical Writing from Algonquin College. Stay tuned for more FortiOS Cookbook videos!
Adam Bristow

Latest posts by Adam Bristow (see all)

Share this recipe:

Facebooktwittergoogle_pluslinkedin

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.