Fortinet FortiGate Series Administration Manual page 617

IPSec VPN
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Figure 379: Phase 1 advanced settings
Enable IPSec Interface Mode
This is available in NAT/Route mode only.
Create a virtual interface for the local end of the VPN tunnel. Select this
option to create a route-based VPN, clear it to create a policy-based
VPN.
IKE Version
Select the version of IKE to use: 1 or 2. The default is 1. This is available
only if Enable IPSec Interface Mode is selected. For more information about
IKE v2, refer to RFC 4306.
IKE v2 is not available if Mode is Aggressive.
When IKE Version is 2, Mode and XAUTH are not available.
IPv6 Version
Select if you want to use IPv6 addresses for the remote gateway and
interface IP addresses. This is available only when Enable IPSec
Interface Mode is enabled and IPv6 Support is enabled in the
administrative settings.
Local Gateway IP
If you selected Enable IPSec Interface Mode, specify an IP address for
the local end of the VPN tunnel. Select one of the following:
Main Interface IP — The FortiGate unit obtains the IP address of the
interface from the network interface settings. For more information, see
"Configuring interfaces" on page 177.
Specify — You can specify a secondary address of the interface
selected in the phase 1 Local Interface field. For more information, see
"Local Interface" on page 615.
You cannot configure Interface mode in a Transparent mode VDOM.
P1 Proposal
Select the encryption and authentication algorithms used to generate
keys for protecting negotiations.
Add or delete encryption and authentication algorithms as required.
Select a minimum of one and a maximum of three combinations. The
remote peer or client must be configured to use at least one of the
proposals that you define.
Select one of the following symmetric-key algorithms:
DES — Data Encryption Standard, a 64-bit block algorithm that uses a
56-bit key.
3DES — Triple-DES, in which plain text is encrypted three times by three
keys.
AES128 — a 128-bit block Cipher Block Chaining (CBC) algorithm that
uses a 128-bit key.
AES192 — a 128-bit block Cipher Block Chaining (CBC) algorithm that
uses a 192-bit key.
AES256 — a 128-bit block Cipher Block Chaining (CBC) algorithm that
uses a 256-bit key.
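
The constraints described above (one to three proposals, no IKE v2 with Aggressive mode, the key size of each cipher) can be checked against saved configuration text before it is applied. The script below is an added example, not part of the Fortinet guide: the sample configuration is constructed, its keywords follow FortiOS CLI naming, which this page does not show, and the 128-bit minimum is an assumed local policy.

```python
# Constructed sample in FortiOS CLI style; tunnel names and values are invented.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "branch-a"
        set mode aggressive
        set proposal des-md5 3des-sha1
    next
    edit "branch-b"
        set ike-version 2
        set proposal aes256-sha1 aes192-sha1 aes128-sha1 3des-sha1
    next
    edit "branch-c"
        set ike-version 2
        set mode aggressive
        set proposal aes256-sha1
    next
end
"""

# Key sizes as listed under P1 Proposal; 3DES is omitted because no size is given.
KEY_BITS = {"des": 56, "aes128": 128, "aes192": 192, "aes256": 256}

def parse_phase1(text):
    """Return {tunnel: {keyword: [values]}} built from edit/set/next lines."""
    tunnels, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) > 1 and tok[0] == "edit":
            current = tunnels.setdefault(tok[1].strip('"'), {})
        elif tok and tok[0] == "next":
            current = None
        elif len(tok) > 2 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return tunnels

def audit(text, min_bits=128):  # min_bits is an assumed local policy, not from the guide
    findings = []
    for name, cfg in parse_phase1(text).items():
        props = cfg.get("proposal", [])
        if not 1 <= len(props) <= 3:
            findings.append((name, f"{len(props)} proposals, expected 1 to 3"))
        ike = cfg.get("ike-version", ["1"])[0]  # the guide gives 1 as the default
        if ike == "2" and cfg.get("mode", [""])[0] == "aggressive":
            findings.append((name, "IKE v2 is not available with Aggressive mode"))
        for prop in props:
            bits = KEY_BITS.get(prop.split("-")[0])
            if bits is not None and bits < min_bits:
                findings.append((name, f"{prop}: {bits}-bit key is below {min_bits}"))
    return findings
```

Calling audit(SAMPLE) returns one finding per constructed tunnel: the 56-bit DES proposal, the fourth proposal, and the IKE v2 plus Aggressive mode combination.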