Autoike Ipsec Vpns; General Configuration Steps For An Autoike Vpn; Adding A Phase 1 Configuration For An Autoike Vpn - Fortinet FortiGate FortiGate-800 Installation And Configuration Manual

Fortinet network device installation and configuration guide
IPSec VPN

AutoIKE IPSec VPNs

FortiGate-800 Installation and Configuration Guide
FortiGate units support two methods of Automatic Internet Key Exchange (AutoIKE)
for establishing IPSec VPN tunnels: AutoIKE with pre-shared keys and AutoIKE with
digital certificates.
General configuration steps for an AutoIKE VPN
Adding a phase 1 configuration for an AutoIKE VPN
Adding a phase 2 configuration for an AutoIKE VPN

General configuration steps for an AutoIKE VPN

An AutoIKE VPN configuration consists of phase 1 and phase 2 configuration
parameters, the source and destination addresses for both ends of the tunnel, and an
encrypt policy to control access to the VPN tunnel.

To create an AutoIKE VPN configuration

Note: Prior to configuring an AutoIKE VPN that uses digital certificates, you must add the CA
and local certificates to the FortiGate unit. For information about digital certificates, see
"Managing digital certificates" on page 242.

1. Add the phase 1 parameters. See "Adding a phase 1 configuration for an AutoIKE
   VPN" on page 235.
2. Add the phase 2 parameters. See "Adding a phase 2 configuration for an AutoIKE
   VPN" on page 240.
3. Configure an encrypt policy that includes the tunnel, source address, and destination
   address for both ends of the tunnel. See "Configuring encrypt policies" on page 245.

Adding a phase 1 configuration for an AutoIKE VPN

When you add a phase 1 configuration, you define the terms by which the FortiGate
unit and a remote VPN peer (gateway or client) authenticate themselves to each other
prior to establishing an IPSec VPN tunnel.

The phase 1 configuration is related to the phase 2 configuration. In phase 1 the VPN
peers are authenticated; in phase 2 the tunnel is established. You have the option to
use the same phase 1 parameters to establish multiple tunnels. In other words, the
same remote VPN peer (gateway or client) can have multiple tunnels to the local VPN
peer (the FortiGate unit).

When the FortiGate unit receives an IPSec VPN connection request, it authenticates
the VPN peers according to the phase 1 parameters. Then, depending on the source
and destination addresses of the request, it starts an IPSec VPN tunnel and applies
an encrypt policy.

To add a phase 1 configuration

1. Go to VPN > IPSEC > Phase 1.
2. Select New to add a new phase 1 configuration.
