Phase 1 Basic Settings - Fortinet FortiGate FortiGate-1000 Administration Manual

VPN

Phase 1 basic settings

FortiGate-1000 Administration Guide
Figure 121:Phase 1 basic settings
Gateway Name Type a name for the remote VPN peer. The remote peer can be either a
gateway to another network or an individual client on the Internet.
Remote Select a Remote Gateway address type.
Gateway If the remote VPN peer has a static IP address, select Static IP Address. See
"Gateway-to-gateway VPN" on page
If the remote VPN peer has a dynamically assigned IP address (DHCP or
PPPoE), or if the remote VPN peer has a static IP address that is not required
in the peer identification process, select Dialup User. See
page 281.
If the remote VPN peer uses Dynamic DNS, select Dynamic DNS. See
"Dynamic DNS VPN" on page
Depending upon the Remote Gateway address type you have selected,
certain fields may become available or be removed.
IP Address If you select Static IP Address for Remote Gateway, enter the IP address of
the gateway or client.
Dynamic DNS If you select Dynamic DNS for Remote Gateway, enter the Dynamic DNS
(DDNS) name. DDNS allows a computer to keep the same domain name
even if its IP address changes.
Mode Select Aggressive or Main (ID Protection) mode. Both modes establish a
secure channel. When using aggressive mode, the VPN peers exchange
identifying information in the clear. When using main mode, identifying
information is hidden.
Aggressive mode is typically used when one VPN peer has a dynamic (dialup)
address and uses its ID as part of the authentication process. Main mode is
typically used when both VPN peers have static IP addresses.
When using aggressive mode, Diffie-Hellman (DH) groups cannot be
negotiated. Therefore, you should enter matching DH configurations on the
VPN peers when you use aggressive mode.
The VPN peers must use the same mode.
Authentication Either Preshared Key or RSA Signature.
Method
01-28006-0009-20041105
280.
281.
Phase 1
"Dialup VPN" on
249