FortiGate Version 3.0 MR4 Administration Guide
288 01-30004-0203-20070102
Auto Key VPN IPSEC
• whether a special identifier, certificate distinguished name, or group name will
be used to identify the remote VPN peer or client when a connection attempt is
made
To define basic IPSec phase 1 parameters, go to VPN > IPSEC > Auto Key (IKE)
and select Create Phase 1.
Figure 176:New Phase 1
Name Type a name to represent the phase 1 definition. The maximum
name length is 15 characters for an interface mode VPN, 35
characters for a policy-based VPN.
For a tunnel mode VPN, the name should reflect the origination of
the remote connection. For a route-based tunnel, the FortiGate unit
also uses the name for the virtual IPSec interface that it creates
automatically.
Remote Gateway Select the nature of the remote connection:
• If the remote peer has a static IP address, select Static IP
Address.
• If one or more FortiClient™ or FortiGate dialup clients with
dynamic IP addresses will connect to the FortiGate unit, select
Dialup User.
• If a remote peer that has a domain name and subscribes to a
dynamic DNS service will be connecting to the FortiGate unit,
select Dynamic DNS.
IP Address If Static IP Address is selected, type the IP address of the remote
peer.
Dynamic DNS If Dynamic DNS is selected, type the domain name of the remote
peer.
Local Interface This option is available in NAT/Route mode only. Select the name of
the physical, aggregate, or VLAN interface through which remote
peers or dialup clients connect to the FortiGate unit. The FortiGate
unit obtains the IP address of the interface from System > Network
> Interface settings (see “Interface” on page 69) unless you are
configuring an IPSec interface, in which case you can specify a
different IP address in the Local Gateway IP field under Advanced
settings (see “Local Gateway IP” on page 291).
To Next Page
Loading...
