IPsec VPN for Windows Phone 10

In this recipe, you will use the FortiGate IPsec VPN Wizard to set up an IPsec VPN between a FortiGate and a device running Windows Phone 10. The configuration will allow Windows Phone 10 users to securely connect to an internal network.

The IPsec VPN is a pre-shared key configuration that also requires users to authenticate with their own credentials to be able to connect to the VPN.

This recipe assumes that a user (dprince) and a user group (WinPhone_Users) have already been created on the FortiGate.

A Windows Phone 10 Lumia 930 running build 10581 was used for this configuration.

1. Configuring the IPsec VPN using the IPsec VPN Wizard

Go to VPN > IPSec Wizard.

Name the VPN connection (WinPhoneVPN).

Select the Remote Access template, select the Windows Native device type, and select Next.

Set the Incoming Interface to the Internet-facing interface (wan1).

Select the Pre-shared Key authentication method and enter a pre-shared key.

Select the WinPhone_Users user group and select Next.

Set Local Interface to the internal interface and set Local Address to all.

Enter an IP address range for VPN users in the Client Address Range field, enter a Subnet Mask, and select Create.

Make sure no other interfaces on the FortiGate are using the same address range.

A summary page shows the wizard’s configuration.

Go to Policy & Objects > IPv4 Policy and confirm that the wizard has created two policies: one policy for remote users to access the VPN, and one policy that has Service set to L2TP.
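The Client Address Range step above requires that no other FortiGate interface uses the same address range. The following is an added example, not part of the original recipe or any Fortinet tooling, that checks a start-end client range against a list of interface addresses. The function names, interface names, and addresses are constructed for illustration.

```python
import ipaddress


def range_to_networks(start, end):
    """Expand a start-end client range into the CIDR blocks that cover it exactly."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    if first.version != last.version:
        raise ValueError("start and end must be the same IP version")
    if first > last:
        raise ValueError("start address is higher than end address")
    return list(ipaddress.summarize_address_range(first, last))


def find_overlaps(client_start, client_end, interfaces):
    """Return (name, subnet) for every interface whose subnet overlaps the client range.

    interfaces maps an interface name to its address in ip/prefix form.
    """
    blocks = range_to_networks(client_start, client_end)
    hits = []
    for name, cidr in interfaces.items():
        # ip_interface accepts a host address with a prefix and yields its subnet
        subnet = ipaddress.ip_interface(cidr).network
        if any(b.version == subnet.version and b.overlaps(subnet) for b in blocks):
            hits.append((name, str(subnet)))
    return hits


# Constructed sample data (hypothetical interface addresses, not from the recipe)
SAMPLE_INTERFACES = {
    "wan1": "203.0.113.10/24",
    "internal": "192.168.1.99/24",
    "dmz": "10.10.10.1/24",
}

if __name__ == "__main__":
    candidates = [
        ("10.10.100.1", "10.10.100.50"),     # unused range
        ("192.168.1.200", "192.168.1.220"),  # sits inside the internal subnet
        ("10.10.9.250", "10.10.10.5"),       # crosses into the dmz subnet
    ]
    for start, end in candidates:
        hits = find_overlaps(start, end, SAMPLE_INTERFACES)
        status = "OK" if not hits else "CONFLICT with " + ", ".join(
            f"{name} ({subnet})" for name, subnet in hits)
        print(f"{start}-{end}: {status}")
```
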

2. Connecting to the IPsec VPN from the Windows Phone 10

On the Windows Phone 10, go to Settings > Network & wireless > VPN and select Add a VPN connection.

Enter a Connection name and set the Server name or address to the FortiGate’s Internet-facing interface.

Set VPN type to Automatic and enter the pre-shared key — this key is the same one you added to the FortiGate.

Select Save.

3. Results

You will now connect to the IPsec VPN tunnel. From the VPN screen, select the connection you created (TheOffice in this example).

Sign in and connect using dprince’s credentials.

You should now be connected to the IPsec VPN.

To verify the connection, on the FortiGate, go to Log & Report > VPN Events.
You may also verify the user’s connection by going to FortiView > VPN.