IPSec VPN Auto Key
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 539
http://docs.fortinet.com/ • Feedback
To configure phase 2 settings, go to VPN > IPSEC > Auto Key (IKE) and select Create
Phase 2. For information about how to choose the correct phase 2 settings for your
particular situation, see the FortiGate IPSec VPN User Guide.
Figure 353: New Phase 2
Defining phase 2 advanced settings
In phase 2, the FortiGate unit and the VPN peer or client exchange keys again to establish
a secure communication channel between them. You select the encryption and
authentication algorithms needed to generate keys for protecting the implementation
details of Security Associations (SAs). These are called P2 Proposal parameters. The
keys are generated automatically using a Diffie-Hellman algorithm.
You can use a number of additional advanced phase 2 settings to enhance the operation
of the tunnel. To modify IPSec phase 2 advanced parameters, go to VPN > IPSEC
Auto Key (IKE), select Create Phase 2, and then select Advanced. For information about
how to choose the correct advanced phase 2 settings for your particular situation, see the
FortiGate IPSec VPN User Guide.
Figure 354: Phase 2 advanced settings
Name Type a name to identify the phase 2 configuration.
Phase 1 Select the phase 1 tunnel configuration. For more information, see “Creating a
new phase 1 configuration” on page 534. The phase 1 configuration describes
how remote VPN peers or clients will be authenticated on this tunnel, and how the
connection to the remote peer or client will be secured.
Advanced Define advanced phase 2 parameters. For more information, see “Defining
phase 2 advanced settings” on page 539.
To Next Page
Loading...