VPN Phase 1
FortiGate-3000 Administration Guide 01-28006-0010-20041105 255
Phase 1 basic settings
Figure 121:Phase 1 basic settings
Gateway Name Type a name for the remote VPN peer. The remote peer can be either a
gateway to another network or an individual client on the Internet.
Remote
Gateway
Select a Remote Gateway address type.
If the remote VPN peer has a static IP address, select Static IP Address. See
“Gateway-to-gateway VPN” on page 286.
If the remote VPN peer has a dynamically assigned IP address (DHCP or
PPPoE), or if the remote VPN peer has a static IP address that is not required
in the peer identification process, select Dialup User. See “Dialup VPN” on
page 287.
If the remote VPN peer uses Dynamic DNS, select Dynamic DNS. See
“Dynamic DNS VPN” on page 287.
Depending upon the Remote Gateway address type you have selected,
certain fields may become available or be removed.
IP Address If you select Static IP Address for Remote Gateway, enter the IP address of
the gateway or client.
Dynamic DNS If you select Dynamic DNS for Remote Gateway, enter the Dynamic DNS
(DDNS) name. DDNS allows a computer to keep the same domain name
even if its IP address changes.
Mode Select Aggressive or Main (ID Protection) mode. Both modes establish a
secure channel. When using aggressive mode, the VPN peers exchange
identifying information in the clear. When using main mode, identifying
information is hidden.
Aggressive mode is typically used when one VPN peer has a dynamic (dialup)
address and uses its ID as part of the authentication process. Main mode is
typically used when both VPN peers have static IP addresses.
When using aggressive mode, Diffie-Hellman (DH) groups cannot be
negotiated. Therefore, you should enter matching DH configurations on the
VPN peers when you use aggressive mode.
The VPN peers must use the same mode.
Authentication
Method
Either Preshared Key or RSA Signature.
To Next Page
Loading...
Need help?
General