
Fortinet FortiGate Series Administration Guide

Fortinet FortiGate Series
764 pages
IPSec VPN Auto Key
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 613
http://docs.fortinet.com/Feedback
Redundant configurations
Route-based VPNs help to simplify the implementation of VPN tunnel redundancy. You
can configure several routes for the same IP traffic with different route metrics. You can
also configure the exchange of dynamic (RIP, OSPF, or BGP) routing information through
VPN tunnels. If the primary VPN connection fails or the priority of a route changes through
dynamic routing, an alternative route will be selected to forward traffic through the
redundant connection.
A simple way to provide failover redundancy is to create a backup IPSec interface. You
can do this in the CLI. For more information, including an example configuration, see the
monitor-phase1 keyword for the vpn ipsec phase1-interface command in the
FortiGate CLI Reference.
Routing
Optionally, through the CLI, you can define a specific default route for a virtual IPSec
interface. For more information, see the default-gw keyword for the
vpn ipsec phase1-interface command in the FortiGate CLI Reference.
Auto Key
You can configure two VPN peers (or a FortiGate dialup server and a VPN client) to
generate unique Internet Key Exchange (IKE) keys automatically during the IPSec
phase 1 and phase 2 exchanges.
When you define phase 2 parameters, you can choose any set of phase 1 parameters to
set up a secure connection for the tunnel and authenticate the remote peer.
Auto Key configuration applies to both tunnel-mode and interface-mode VPNs.
To configure an Auto Key VPN, go to VPN > IPSEC > Auto Key (IKE).
Figure 377: Auto Key list
Create Phase 1: Create a new phase 1 tunnel configuration. For more information, see “Creating a new phase 1 configuration” on page 614.
Create Phase 2: Create a new phase 2 configuration. For more information, see “Creating a new phase 2 configuration” on page 619.
Phase 1: The names of existing phase 1 tunnel configurations.
Phase 2: The names of existing phase 2 configurations.
Interface Binding: The names of the local interfaces to which IPSec tunnels are bound. These can be physical, aggregate, VLAN, inter-VDOM link or wireless interfaces.
Delete and Edit icons: Delete or edit a phase 1 configuration.
