Auto-configuration of IPsec VPNs What’s new in FortiOS Version 4.0 MR1
FortiGate Version 4.0 MR1 Administration Guide
70 01-410-89802-20090903
http://docs.fortinet.com/
    set unity-support {enable | disable}
    config ipv4-exclude-range
        edit <entry_id>
            set start-ip <ipaddr>
            set end-ip <ipaddr>
    end
    config ipv6-exclude-range
        edit <entry_id>
            set start-ip <ipaddr>
            set end-ip <ipaddr>
    end
end
Variable: add-route {enable | disable}
Description: Enable to add a route to the client’s peer destination selector. Disable if you use dynamic routing over the tunnel.
Default: enable

Variable: assign-ip {enable | disable}
Description: For a client, enable to request an IP address from the server. For a server, enable to assign an IP address to a dialup client. This is available if mode-cfg (IKE Configuration Method) is enabled.
Default: enable

Variable: assign-ip-from {range | usrgrp}
Description: Select the source of the IP address assigned to an IKE Configuration Method client.
    range — Assign an IP address from the range defined in ipv4-start-ip and ipv4-end-ip (ipv6-start-ip and ipv6-end-ip for IPv6 clients).
    usrgrp — Assign the address defined in the RADIUS Framed-IP-Address for the user. This is available when the VPN is configured to authenticate clients with XAuth. xauthtype must be auto, pap, or chap.
This is available if mode-cfg (IKE Configuration Method) is enabled.
Default: range

Variable: assign-ip-type {ip | subnet}
Description: Select the type of IP address assigned to an IKE Configuration Method client:
    ip — Assign a single IP address to the client, as configured in assign-ip-from.
    subnet — Assign an IP address to each end of the VPN tunnel, as configured in assign-ip-from. This type of IP address assignment facilitates the use of dynamic routing through the tunnel.
This is available if mode-cfg (IKE Configuration Method) is enabled.
Default: ip

Variable: banner <string>
Description: Specify a message to send to IKE Configuration Method clients. Some clients display this message to users. This is available if mode-cfg (IKE Configuration Method) is enabled.
Default: Null

Variable: domain <string>
Description: Specify a domain name to send to IKE Configuration Method clients. This is available if mode-cfg (IKE Configuration Method) is enabled.
Default: Null

Variable: mode-cfg {enable | disable}
Description: Enable IKE Configuration Method so that compatible clients can configure themselves with settings that the FortiGate unit provides. This is available if type is dynamic.
Default: disable

Variable: mode-cfg-ip-version {4 | 6}
Description: Select whether an IKE Configuration Method client receives an IPv4 or IPv6 IP address. This is available if mode-cfg and assign-ip are enabled.
Default: 4
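
An added example (not from the Administration Guide): a small Python check that applies the defaults and "This is available if ..." rules from the table above to the set lines of a phase 1 edit block and reports settings that would be unavailable. The function names, the sample block and its "dialup-example" name are constructed; keywords with no default on this page (type, xauthtype) are assumed unset when absent.

```python
import re

# Defaults taken from the table above; keys not listed there get no default.
DEFAULTS = {"mode-cfg": "disable", "assign-ip": "enable",
            "assign-ip-from": "range", "assign-ip-type": "ip",
            "mode-cfg-ip-version": "4"}
# Settings the table says are available only if mode-cfg is enabled.
NEEDS_MODE_CFG = ("assign-ip", "assign-ip-from", "assign-ip-type",
                  "banner", "domain")

def parse_sets(text):
    """Collect 'set <key> <value>' lines from a phase 1 edit block."""
    found = {}
    for line in text.splitlines():
        m = re.match(r'\s*set\s+(\S+)\s+(.+?)\s*$', line)
        if m:
            found[m.group(1)] = m.group(2).strip('"')
    return found

def check_mode_cfg(text):
    """Return findings for settings that conflict with the table's rules."""
    explicit = parse_sets(text)
    cfg = {**DEFAULTS, **explicit}
    findings = []
    mode_cfg = cfg["mode-cfg"] == "enable"
    if mode_cfg and cfg.get("type") != "dynamic":
        findings.append("mode-cfg is enabled but type is not dynamic")
    if not mode_cfg:
        for key in NEEDS_MODE_CFG:
            if key in explicit:
                findings.append(f"{key} is set but mode-cfg is disabled")
    if "mode-cfg-ip-version" in explicit and not (
            mode_cfg and cfg["assign-ip"] == "enable"):
        findings.append("mode-cfg-ip-version needs mode-cfg and assign-ip enabled")
    if cfg["assign-ip-from"] == "usrgrp" and mode_cfg and cfg.get(
            "xauthtype") not in ("auto", "pap", "chap"):
        findings.append("assign-ip-from usrgrp needs xauthtype auto, pap or chap")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """
edit "dialup-example"
    set type dynamic
    set mode-cfg enable
    set assign-ip-from usrgrp
    set xauthtype disable
    set banner "Authorized use only"
"""
```

Calling check_mode_cfg(SAMPLE) returns a single finding, because usrgrp address assignment depends on XAuth being set to auto, pap or chap.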