01-28007-0068-20041203, Fortinet Inc., page 246 (VPN: Phase 1 list)
Phase 1
The basic phase 1 settings associate IPSec phase 1 parameters with a remote
gateway and determine:
• whether the various phase 1 parameters will be exchanged in multiple rounds with
encrypted authentication information (main mode) or in a single message with
authentication information that is not encrypted (aggressive mode)
• whether a preshared key or digital certificates will be used to authenticate the
identities of the two VPN peers
• whether a peer identifier, certificate distinguished name, or group name will be
used to identify the remote peer or client when a connection attempt is made
In phase 1, the two VPN peers exchange keys to establish a secure communication
channel between them. The advanced P1 Proposal parameters select the encryption
and authentication algorithms that are used to generate the keys. Additional advanced
phase 1 settings can be selected to ensure the smooth operation of phase 1
negotiations.
To configure phase 1 settings
1 Go to VPN > IPSEC > Phase 1.
2 Follow the general guidelines in these sections:
• “Phase 1 list” on page 246
• “Phase 1 basic settings” on page 247
• “Phase 1 advanced settings” on page 249
For information about how to choose the correct phase 1 settings for your particular
situation, refer to the FortiGate VPN Guide.
Phase 1 list
Figure 120: IPSec VPN Phase 1 list
Note: The procedures in this section assume that you want the FortiGate unit to generate
unique IPSec encryption and authentication keys automatically. In situations where a remote
VPN peer requires a specific IPSec encryption and/or authentication key, you must configure
the FortiGate unit to use manual keys instead. For more information, see “Manual key” on
page 253.
Create New: Select Create New to create a new phase 1 configuration.
Gateway Name: The names of existing phase 1 configurations.
Gateway IP: The IP address or domain name of a remote peer, or Dialup for a dialup client.
Mode: Main or Aggressive.
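
The following is an added example, not part of the Fortinet manual: a small audit of a phase 1 inventory that flags entries using aggressive mode, where authentication information is exchanged unencrypted. The CSV layout, the "auth" column, the sample rows and the severity ranking are assumptions made for illustration; the first three columns mirror the Phase 1 list fields above.

```python
import csv
import io

# Constructed sample inventory. The first three columns mirror the Phase 1 list
# (Gateway Name, Gateway IP, Mode); "auth" is an assumed extra column recording
# whether a preshared key or a certificate authenticates the peers.
SAMPLE_INVENTORY = """\
gateway_name,gateway_ip,mode,auth
hq-to-branch,192.0.2.10,Main,psk
partner-link,vpn.example.net,Aggressive,certificate
road-warriors,Dialup,Aggressive,psk
lab-tunnel,198.51.100.7,Aggressive,psk
"""


def audit_phase1(inventory_csv):
    """Return (gateway_name, severity, reason) for each phase 1 entry to review."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["gateway_name"].strip()
        mode = row["mode"].strip().lower()
        auth = row["auth"].strip().lower()
        dialup = row["gateway_ip"].strip().lower() == "dialup"
        if mode not in ("main", "aggressive") or auth not in ("psk", "certificate"):
            findings.append((name, "error", "unrecognised mode or auth value"))
            continue
        if mode == "main":
            continue  # authentication information is exchanged encrypted
        if auth == "psk":
            # Aggressive mode sends authentication information unencrypted,
            # so the strength of the preshared key is the only protection.
            severity = "high" if dialup else "medium"
            reason = "aggressive mode with preshared key"
            if dialup:
                reason += ", accepting dialup peers"
        else:
            severity = "low"
            reason = "aggressive mode: peer identity is exchanged unencrypted"
        findings.append((name, severity, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_phase1(SAMPLE_INVENTORY):
        print("%-14s %-6s %s" % finding)
```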