L2TP .............................................................................................................................. 251
Certificates ...................................................................................................................... 256
CLI configuration............................................................................................................. 261
ipsec phase1............................................................................................................... 261
ipsec phase2............................................................................................................... 263
ipsec vip ...................................................................................................................... 264
Gateway-to-gateway VPN............................................................................................... 266
Dialup VPN ..................................................................................................................... 267
Dynamic DNS VPN ......................................................................................................... 267
Manual key IPSec VPN................................................................................................... 268
Special rules ............................................................................................................... 271
Hub and spoke VPNs...................................................................................................... 272
Configuring the hub..................................................................................................... 272
Configuring spokes ..................................................................................................... 274
Redundant IPSec VPNs.................................................................................................. 275
Troubleshooting .............................................................................................................. 278
IPS ....................................................................................................................... 279
Signature......................................................................................................................... 280
Predefined................................................................................................................... 280
Custom........................................................................................................................ 284
Anomaly .......................................................................................................................... 286
Default fail open setting .................................................................................................. 290
FortiGate-50A Administration Guide
01-28006-0001-20041105
Contents
9