Creating A New Phase 1 Configuration - Fortinet FortiGate Series Administration Manual

Auto Key

Creating a new phase 1 configuration

614
In phase 1, two VPN peers (or a FortiGate dialup server and a VPN client) authenticate each other and exchange keys to establish a secure communication channel between them. The basic phase 1 settings associate IPSec phase 1 parameters with a remote gateway and determine:
• whether the various phase 1 parameters will be exchanged in multiple rounds with encrypted authentication information (main mode) or in a single message with authentication information that is not encrypted (aggressive mode)
• whether a pre-shared key or digital certificates will be used to authenticate the identities of the two VPN peers (or a VPN server and its client)
• whether a special identifier, certificate distinguished name, or group name will be used to identify the remote VPN peer or client when a connection attempt is made.
To define basic IPSec phase 1 parameters, go to VPN > IPSEC > Auto Key (IKE) and select Create Phase 1. For information about how to choose the correct phase 1 settings for your particular situation, see the FortiGate IPSec VPN User Guide.

Figure 378: New Phase 1

Name
Type a name to represent the phase 1 definition. The maximum name length is 15 characters for an interface mode VPN, 35 characters for a policy-based VPN. If Remote Gateway is Dialup User, the maximum name length is further reduced depending on the number of dialup tunnels that can be established: by 2 for up to 9 tunnels, by 3 for up to 99 tunnels, by 4 for up to 999 tunnels, and so on. For a tunnel mode VPN, the name should reflect where the remote connection originates. For a route-based tunnel, the FortiGate unit also uses the name for the virtual IPSec interface that it creates automatically.

Remote Gateway
Select the category of the remote connection:
Static IP Address — If the remote peer has a static IP address.
Dialup User — If one or more FortiClient or FortiGate dialup clients with dynamic IP addresses will connect to the FortiGate unit.
Dynamic DNS — If a remote peer that has a domain name and subscribes to a dynamic DNS service will connect to the FortiGate unit.

IP Address
If you selected Static IP Address, type the IP address of the remote peer.

Dynamic DNS
If you selected Dynamic DNS, type the domain name of the remote peer.
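The following is an added example, not code from the Fortinet guide or from FortiOS: a small pre-flight validator that applies the rules stated above (name length limits, the Dialup User reduction by tunnel count, the field each Remote Gateway category requires) and flags aggressive mode because, as the phase 1 overview notes, it exchanges authentication information unencrypted. The Phase1 class, its field names and the sample definitions are assumptions constructed for illustration.

```python
"""Added example: validator for the phase 1 settings described on this page.
Not FortiGate code; the Phase1 class and its field names are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Name length limits stated on the page.
MAX_NAME_INTERFACE_MODE = 15   # route-based (interface mode) VPN
MAX_NAME_POLICY_MODE = 35      # policy-based VPN


@dataclass
class Phase1:
    """Hypothetical representation of the New Phase 1 dialog fields."""
    name: str
    remote_gateway: str                  # "static", "dialup" or "ddns"
    mode: str = "main"                   # "main" or "aggressive"
    interface_mode: bool = True          # True = route-based, False = policy-based
    ip_address: Optional[str] = None     # required for "static"
    domain_name: Optional[str] = None    # required for "ddns"
    max_dialup_tunnels: int = 1          # only relevant for "dialup"


def max_name_length(interface_mode: bool, remote_gateway: str,
                    max_dialup_tunnels: int = 1) -> int:
    """Maximum phase 1 name length per the rules on this page."""
    limit = MAX_NAME_INTERFACE_MODE if interface_mode else MAX_NAME_POLICY_MODE
    if remote_gateway == "dialup":
        # Reduced by 2 for up to 9 tunnels, 3 for up to 99, 4 for up to 999,
        # and so on: one more than the number of digits in the tunnel count.
        limit -= len(str(max(1, max_dialup_tunnels))) + 1
    return limit


def validate(p: Phase1) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings) for a phase 1 definition."""
    errors: List[str] = []
    warnings: List[str] = []

    if p.remote_gateway not in ("static", "dialup", "ddns"):
        errors.append(f"unknown remote gateway type {p.remote_gateway!r}")
        return errors, warnings

    limit = max_name_length(p.interface_mode, p.remote_gateway, p.max_dialup_tunnels)
    if not p.name:
        errors.append("name is required")
    elif len(p.name) > limit:
        errors.append(f"name {p.name!r} is {len(p.name)} characters; limit is {limit}")

    if p.remote_gateway == "static":
        # Static IP Address: the remote peer's IP address must be given and parse.
        try:
            ipaddress.ip_address(p.ip_address or "")
        except ValueError:
            errors.append("Static IP Address requires a valid remote peer IP address")
    elif p.remote_gateway == "ddns":
        # Dynamic DNS: the remote peer's domain name must be given.
        if not p.domain_name or "." not in p.domain_name:
            errors.append("Dynamic DNS requires the remote peer's domain name")

    if p.mode == "aggressive":
        # Aggressive mode sends authentication information in a single
        # message without encrypting it; surface that as a warning.
        warnings.append("aggressive mode: authentication information is exchanged unencrypted")
    elif p.mode != "main":
        errors.append(f"unknown mode {p.mode!r}")

    return errors, warnings


if __name__ == "__main__":
    # Constructed sample definitions, not taken from a real configuration.
    samples = [
        Phase1(name="to_branch", remote_gateway="static", ip_address="192.0.2.10"),
        Phase1(name="dialup_clients_policy_vpn", remote_gateway="dialup",
               interface_mode=False, max_dialup_tunnels=50, mode="aggressive"),
        Phase1(name="ddns_peer", remote_gateway="ddns", domain_name="peer.example.net"),
    ]
    for s in samples:
        print(s.name, validate(s))
```

Run it to see each sample's (errors, warnings) pair; the second sample passes the 32-character policy-based dialup limit but carries the aggressive-mode warning.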
FortiGate Version 4.0 MR1 Administration Guide
IPSec VPN
01-410-89802-20090903
http://docs.fortinet.com/