What’s new in FortiOS Version 4.0 MR1 Auto-configuration of IPsec VPNs
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 69
http://docs.fortinet.com/
Auto-configuration of IPsec VPNs
FortiOS Version 4.0 MR1 supports automatic configuration of IPsec VPNs using the
proposed IKE Configuration Method described in draft-dukes-ike-mode-cfg-02. Several
network equipment vendors support IKE Configuration Method, which is an alternative to
DHCP over IPsec.
Dialup VPN clients connect to a FortiGate unit that acts as a VPN server, providing the
client the necessary configuration information to establish a VPN tunnel. The configuration
information typically includes a virtual IP address, netmask, and DNS server address.
IKE Configuration Method is available only for VPNs that are interface-based, also known
as route-based. A FortiGate unit can function as either an IKE Configuration Method
server or client.
IPsec Phase 1 CLI configuration for IKE Configuration Method
The mode-cfg keyword enables IKE Configuration Method. The type keyword,
although unchanged from previous releases, determines whether you are creating a
server or a client. Setting type to dynamic creates a server configuration; any other
value of type creates a client configuration.
The following syntax lists only the keywords that pertain to IKE Configuration Method. All
of these keywords can be used to configure a server. Required keywords are interface,
proposal, and either ipv4-start-ip, ipv4-end-ip and ipv4-netmask or
ipv6-start-ip, ipv6-end-ip and ipv6-prefix, depending on the value of
mode-cfg-ip-version.
To configure a client, the required keywords are interface, remote-gw, and
proposal.
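The following is an added worked example, not taken from this guide, showing a minimal IKE Configuration Method server and a minimal client as described above. The gateway names, the interface name wan1, the address pool 10.10.10.1-10.10.10.50, the DNS server 10.0.0.53, the remote gateway 203.0.113.10 and the proposal aes128-sha1 are assumed sample values; psksecret is not part of the IKE Configuration Method keyword list in this guide but is needed for a pre-shared-key tunnel, and <preshared-key> is a placeholder. The # lines are annotations, not CLI input.

```fortios
# Server: type dynamic makes this a dialup server; mode-cfg enable turns on
# IKE Configuration Method; the pool must not overlap internal subnets.
config vpn ipsec phase1-interface
    edit "modecfg_server"
        set type dynamic
        set interface "wan1"
        set proposal aes128-sha1
        set mode-cfg enable
        set mode-cfg-ip-version 4
        set assign-ip enable
        set assign-ip-from range
        # Required for mode-cfg-ip-version 4: start IP, end IP and netmask
        set ipv4-start-ip 10.10.10.1
        set ipv4-end-ip 10.10.10.50
        set ipv4-netmask 255.255.255.0
        # Optional: DNS server handed to the client along with its virtual IP
        set ipv4-dns-server1 10.0.0.53
        set psksecret <preshared-key>
    next
end

# Client: type is left at its default (anything other than dynamic), so this
# is a client. Required: interface, remote-gw and proposal; mode-cfg enable
# makes it request its virtual IP, netmask and DNS server from the server.
config vpn ipsec phase1-interface
    edit "modecfg_client"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set proposal aes128-sha1
        set mode-cfg enable
        set psksecret <preshared-key>
    next
end
```

The server example assigns addresses from a fixed range (assign-ip-from range); the alternative listed in the syntax, usrgrp, takes the assignment from the user group instead. Whichever is used, the assigned addresses are what firewall policies and routes on the FortiGate will see for dialup clients, so choose a pool that is distinct from the protected networks.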
Syntax
config vpn ipsec phase1-interface
    edit <gateway_name>
        set add-route {enable | disable}
        set assign-ip {enable | disable}
        set assign-ip-from {range | usrgrp}
        set assign-ip-type {ip | subnet}
        set banner <string>
        set domain <string>
        set mode-cfg {enable | disable}
        set mode-cfg-ip-version {4 | 6}
        set ipv4-dns-server1
        set ipv4-dns-server2
        set ipv4-dns-server3
        set ipv6-dns-server1
        set ipv6-dns-server2
        set ipv6-dns-server3
        set ipv4-end-ip <ip4addr>
        set ipv6-end-ip <ip6addr>
        set ipv4-netmask <ip4mask>
        set ipv4-start-ip <ip4addr>
        set ipv6-start-ip <ip6addr>
        set ipv6-prefix <ip6prefix>
        set ipv4-wins-server1
        set ipv4-wins-server2