Fortinet FortiGate Series Administration Manual page 70
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
Auto-configuration of IPsec VPNs
70
set
unity-support {enable | disable}
config ipv4-exclude-range
edit <entry_id>
set
start-ip <ipaddr>
set
end-ip <ipaddr>
end
config ipv6-exclude-range
edit <entry_id>
set
start-ip <ipaddr>
set
end-ip <ipaddr>
end
end
Variable
add-route
{enable | disable}
assign-ip
{enable | disable}
assign-ip-from
{range | usrgrp}
assign-ip-type
{ip | subnet}
banner <string>
domain <string>
mode-cfg
{enable | disable}
mode-cfg-ip-version
{4|6}
Description
Enable to add a route to the client's peer destination
selector. Disable if you use dynamic routing over the
tunnel.
For a client, enable to request an IP address from
the server. For a server, enable to assign an IP
address to a dialup client. This is available if
mode-cfg (IKE Configuration Method) is enabled.
Select source of IP address assigned to an IKE
Configuration Method client.
range — Assign an IP address from the range
defined in ipv4-start-ip and ipv4-end-ip
(ipv6-start-ip and ipv4-end-ip for IPv6
clients).
usrgrp — Assign the address defined in the
RADIUS Framed-IP-Address for the user. This is
available when the VPN is configured to authenticate
clients with XAuth. xauthtype must be auto, pap,
or chap.
This is available if mode-cfg (IKE Configuration
Method) is enabled.
Select the type of IP address assigned to an IKE
Configuration Method client:
ip — assign a single IP address to the client, as
configured in assign-ip-from.
subnet — assign an IP address to each end of the
VPN tunnel, as configured in assign-ip-from.
This type of IP address assignment facilitates the
use of dynamic routing through the tunnel.
This is available if mode-cfg (IKE Configuration
Method) is enabled.
Specify a message to send to IKE Configuration
Method clients. Some clients display this message to
users. This is available if mode-cfg (IKE
Configuration Method) is enabled.
Specify a domain name to send to IKE Configuration
Method clients. This is available if mode-cfg (IKE
Configuration Method) is enabled.
Enable IKE Configuration Method so that compatible
clients can configure themselves with settings that
the FortiGate unit provides. This is available if type
is dynamic.
Select whether an IKE Configuration Method client
receives an IPv4 or IPv6 IP address. This is
available if mode-cfg and assign-ip are enabled.
FortiGate Version 4.0 MR1 Administration Guide
What's new in FortiOS Version 4.0 MR1
Default
enable
enable
range
ip
Null
Null
disable
4
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
Advertisement
Table of Contents
