Ipsec Phase 2 Configuration For Ike Configuration Method - Fortinet FortiGate Series Administration Manual


What's new in FortiOS Version 4.0 MR1

Auto-configuration of IPsec VPNs

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/

| Variable | Description | Default |
|---|---|---|
| ipv4-dns-server1, ipv6-dns-server1, ipv4-dns-server2, ipv6-dns-server2, ipv4-dns-server3, ipv6-dns-server3 | Enter DNS server addresses to provide to IKE Configuration Method clients. If the value is 0.0.0.0, no DNS server address is provided. Either the IPv4 or IPv6 version of these keywords is available, depending on mode-cfg-ip-version. | 0.0.0.0 (IPv4), :: (IPv6) |
| ipv4-end-ip <ip4addr>, ipv6-end-ip <ip6addr> | Set end of IP address range to assign to IKE Configuration Method clients. This is available when mode-cfg is enabled, type is dynamic, and assign-ip-from is range. Either the IPv4 or IPv6 version of this keyword is available, depending on mode-cfg-ip-version. | No default. |
| ipv4-netmask <ip4mask> | Set the netmask value to pass to IKE Configuration Method clients. | No default. |
| ipv4-split-include <address_name> | Select the address or address group that the client can reach through the VPN. This information is sent to the client as part of IKE Configuration Method. | Null. |
| ipv4-start-ip <ip4addr>, ipv6-start-ip <ip6addr> | Set start of IP address range to assign to IKE Configuration Method clients. This is available when mode-cfg is enabled, type is dynamic, and assign-ip-from is range. Either the IPv4 or IPv6 version of this keyword is available, depending on mode-cfg-ip-version. | No default. |
| ipv4-wins-server1, ipv4-wins-server2 | Enter WINS server addresses to provide to IKE Configuration Method clients. If the value is 0.0.0.0, no WINS server address is provided. | 0.0.0.0 |
| ipv6-prefix <ip6prefix> | Specify the size, in bits, of the network portion of the subnet address for IPv6 IKE Configuration Method clients. Range is 0 to 128. This is available when mode-cfg-ip-version is 6 and assign-ip-type is subnet. | 0 |
| unity-support {enable \| disable} | Enable support for Cisco Unity IKE Configuration Method extensions in either a server or a client. | enable |

config ipv4-exclude-range and config ipv6-exclude-range Variables

| Variable | Description | Default |
|---|---|---|
| start-ip <ipaddr> | Enter the start of the exclude range. | No default. |
| end-ip <ipaddr> | Enter the end of the exclude range. | No default. |

IPsec Phase 2 configuration for IKE Configuration Method

There are several changes to the phase2-interface configuration when IKE Configuration Method is configured in the corresponding phase1-interface configuration.

The dhcp-ipsec keyword is not available if the corresponding phase1-interface has mode-cfg enabled. IKE Configuration Method is an alternative to DHCP over IPsec.

The keywords beginning with "src-" and "dst-" are not available if the corresponding phase1-interface configuration has mode-cfg enabled and type is set to static or ddns. This is the configuration for an IKE Configuration Method client, which receives information about destination subnets from the server and thus must not specify any traffic selectors itself.
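The two Phase 2 restrictions above can be checked against a configuration backup or template before it is pushed to a unit. The following Python audit is an added example, not code from the Fortinet manual; it assumes a backup made of flat config/edit/set/next/end blocks in which each phase2-interface entry names its Phase 1 through phase1name, and the sample configuration, entry names and subnets are constructed.

```python
SAMPLE = """
config vpn ipsec phase1-interface
    edit "branch-client"
        set type static
        set mode-cfg enable
    next
    edit "dialup-server"
        set type dynamic
        set mode-cfg enable
    next
end
config vpn ipsec phase2-interface
    edit "branch-client-p2"
        set phase1name "branch-client"
        set dhcp-ipsec enable
        set src-subnet 10.1.0.0 255.255.255.0
    next
    edit "dialup-server-p2"
        set phase1name "dialup-server"
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end
"""  # constructed sample in FortiOS backup style; names and subnets are made up

def parse(text):
    """Flat config/edit/set parser -> {section: {entry: {keyword: value}}}."""
    out, section, entry = {}, None, None
    for line in text.splitlines():
        tok = line.split(None, 2) + ["", "", ""]
        if tok[0] == "config":
            section = out.setdefault(" ".join(line.split()[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1].strip('"'), {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2].strip('"')
        elif tok[0] in ("next", "end"):
            entry = None
    return out

def audit_phase2(text):
    """Return (phase2 entry, keyword, reason) for keywords the page says are unavailable."""
    cfg, findings = parse(text), []
    for name, p2 in cfg.get("vpn ipsec phase2-interface", {}).items():
        p1 = cfg.get("vpn ipsec phase1-interface", {}).get(p2.get("phase1name"), {})
        for kw in p2 if p1.get("mode-cfg") == "enable" else ():
            if kw == "dhcp-ipsec":
                findings.append((name, kw, "mode-cfg replaces DHCP over IPsec"))
            elif kw[:4] in ("src-", "dst-") and p1.get("type") in ("static", "ddns"):
                findings.append((name, kw, "mode-cfg client must not set selectors"))
    return findings
```

On the sample, the static (client-side) tunnel is flagged for both dhcp-ipsec and src-subnet, while the dst-subnet selector on the dynamic (server-side) tunnel is accepted.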
