Defining Phase 2 Advanced Settings - Fortinet Gate 60D Administration Manual

IPSec VPN

Defining phase 2 advanced settings

FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
To configure phase 2 settings, go to VPN > IPSEC > Auto Key (IKE) and select Create
Phase 2. For information about how to choose the correct phase 2 settings for your
particular situation, see the
Figure 353: New Phase 2
Name Type a name to identify the phase 2 configuration.
Phase 1 Select the phase 1 tunnel configuration. For more information, see
new phase 1 configuration" on page
how remote VPN peers or clients will be authenticated on this tunnel, and how the
connection to the remote peer or client will be secured.
Advanced Define advanced phase 2 parameters. For more information, see
phase 2 advanced settings" on page
In phase 2, the FortiGate unit and the VPN peer or client exchange keys again to establish
a secure communication channel between them. You select the encryption and
authentication algorithms needed to generate keys for protecting the implementation
details of Security Associations (SAs). These are called P2 Proposal parameters. The
keys are generated automatically using a Diffie-Hellman algorithm.
You can use a number of additional advanced phase 2 settings to enhance the operation
of the tunnel. To modify IPSec phase 2 advanced parameters, go to VPN > IPSEC
Auto Key (IKE), select Create Phase 2, and then select Advanced. For information about
how to choose the correct advanced phase 2 settings for your particular situation, see the
FortiGate IPSec VPN User
Figure 354: Phase 2 advanced settings
FortiGate IPSec VPN User
534. The phase 1 configuration describes
539.
Guide.
Guide.
"Creating a
"Defining
Add
Delete
Auto Key
539