VPN IPSEC Auto Key
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 287
Auto Key
Two VPN peers (or a FortiGate dialup server and a VPN client) can be configured
to generate unique Internet Key Exchange (IKE) keys automatically during the
IPSec phase 1 and phase 2 exchanges.
To configure the FortiGate unit to generate unique keys automatically in phase 1
and phase 2, go to VPN > IPSEC > Auto Key (IKE).
When you define phase 2 parameters, you can choose any set of phase 1
parameters to set up a secure connection for the tunnel and authenticate the
remote peer.
Auto Key configuration applies to both tunnel-mode and interface-mode VPNs.
Figure 175: Auto Key list
Creating a new phase 1 configuration
In phase 1, two VPN peers (or a FortiGate dialup server and a VPN client)
authenticate each other and exchange keys to establish a secure communication
channel between them. The basic phase 1 settings associate IPSec phase 1
parameters with a remote gateway and determine:
• whether the various phase 1 parameters will be exchanged in multiple rounds
with encrypted authentication information (main mode) or in a single message
with authentication information that is not encrypted (aggressive mode)
• whether a pre-shared key or digital certificates will be used to authenticate the
identities of the two VPN peers (or a VPN server and its client)
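The following is an added example, not part of the Fortinet guide: a Python check that reads a CLI-style configuration and lists the phase 1 entries that combine aggressive mode with a pre-shared key, the case where the authentication information described above is sent unencrypted. The `config vpn ipsec phase1` / `phase1-interface` layout, the `mode` and `authmethod` keywords, and the defaults for omitted settings are assumptions about the FortiOS CLI, and the sample configuration is constructed.

```python
import re

# Constructed sample in an assumed FortiOS CLI layout; not taken from a real unit.
SAMPLE_CONFIG = """\
config vpn ipsec phase1
    edit "branch-main"
        set mode main
        set authmethod psk
    next
    edit "dialup-aggr"
        set mode aggressive
        set authmethod psk
    next
    edit "partner-cert"
        set mode aggressive
        set authmethod rsa-signature
    next
end
config vpn ipsec phase1-interface
    edit "hub-if"
        set mode aggressive
    next
end
"""

def parse_phase1(text):
    """Return {name: {setting: value}} for every phase 1 entry (both VPN modes)."""
    entries, in_block, current = {}, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"config vpn ipsec phase1(-interface)?", line):
            in_block = True
        elif line == "end":
            in_block, current = False, None
        elif in_block and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            current = entries.setdefault(m.group(1), {})
        elif in_block and current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def flag_aggressive_psk(text):
    """Names of phase 1 entries using aggressive mode with a pre-shared key."""
    # Assumption: an omitted setting means the default (main mode, psk).
    return sorted(name for name, cfg in parse_phase1(text).items()
                  if cfg.get("mode", "main") == "aggressive"
                  and cfg.get("authmethod", "psk") == "psk")

if __name__ == "__main__":
    print(flag_aggressive_psk(SAMPLE_CONFIG))
```

Entries it reports are candidates for main mode or certificate authentication, the two alternatives named in the list above.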
Note: There can be only one phase 2 configuration associated with each phase 1
configuration.
Create Phase 1          Create a new phase 1 tunnel configuration. See
                        “Creating a new phase 1 configuration” on page 287.
Create Phase 2          Create a new phase 2 configuration. See
                        “Creating a new phase 2 configuration” on page 292.
Phase 1                 The names of existing phase 1 tunnel configurations.
Phase 2                 The names of existing phase 2 configurations.
Interface Binding       The names of the local physical, aggregate, or VLAN
                        interfaces to which IPSec tunnels are bound.
Delete and Edit icons   Delete or edit a phase 1 configuration.