VPN CLI configuration
FortiGate-3000 Administration Guide 01-28006-0010-20041105 283
Example
Use the following command to edit an IPSec VPN phase 1 configuration with the
following characteristics:
• Phase 1 configuration name: Simple_GW
• Remote peer address type: Dynamic
• Encryption and authentication proposal: des-md5
• Authentication method: psk
• Pre-shared key: Qf2p3O93jIj2bz7E
• Mode: aggressive
• Dead Peer Detection: enable
• Long idle: 1000
• Short idle: 150
• Retry count: 5
• Retry interval: 30
config vpn ipsec phase1
edit Simple_GW
set Type dynamic
set proposal des-md5
set authmethod psk
set psksecret Qf2p3O93jIj2bz7E
set mode aggressive
set dpd enable
set dpd-idlecleanup 1000
set dpd-idleworry 150
set dpd-retrycount 5
set dpd-retryinterval 30
end
ipsec phase2
In addition to the advanced IPSec Phase 2 settings, the config vpn ipsec
phase2 CLI command provides a way to bind the VPN tunnel selected in a Phase 2
configuration to a specific network interface. This setting may be required under
special circumstances to disable channel redundancy, but is not required for most
configurations.
Command syntax pattern
config vpn ipsec phase2
edit <name_str>
set <keyword> <variable>
end
config vpn ipsec phase2
edit <name_str>
unset <keyword>
end
To Next Page
Loading...
