162 Fortinet Inc. AutoIKE IPSec VPNs IPSec VPN
4 Select a Remote Gateway to associate with the VPN tunnel.
A remote gateway can be either a gateway to another network or an individual client on the Internet. Remote gateways are added as part of the phase 1 configuration. For details, see “Adding a phase 1 configuration for an AutoIKE VPN” on page 157.
Choose either a single DIALUP remote gateway, or up to three STATIC remote gateways. Multiple STATIC remote gateways are necessary if you are configuring IPSec redundancy. For information about IPSec redundancy, see “Redundant IPSec VPNs” on page 175.
5 Configure the P2 Proposal.
Select up to three encryption and authentication algorithm combinations to propose for phase 2. The VPN peers must use the same P2 proposal settings.
6 Optionally, enable Replay Detection.
Replay detection protects the VPN tunnel from replay attacks.
7 Optionally, enable Perfect Forward Secrecy (PFS).
PFS improves security by forcing a new Diffie-Hellman exchange whenever the keylife expires.
8 Select the DH Group(s).
The VPN peers must use the same DH Group settings.
9 Enter the Keylife.
The keylife causes the phase 2 key to expire after a specified amount of time, after a specified number of kbytes of data have been processed by the VPN tunnel, or both. If you select both, the key does not expire until both the time has passed and the number of kbytes have been processed.
When the key expires, a new key is generated without interrupting service. P2 proposal keylife can be from 120 to 172800 seconds or from 5120 to 99999 kbytes.
10 Optionally, enable Autokey Keep Alive.
Enable Autokey Keep Alive to keep the VPN tunnel running even if no data is being processed.
11 Optionally, select a concentrator.
Select a concentrator if you want the tunnel to be part of a hub and spoke VPN configuration. If you use the procedure “Adding a VPN concentrator” on page 173 to add the tunnel to a concentrator, the next time you open the tunnel, the Concentrator field displays the name of the concentrator to which you have added the tunnel.
12 Select OK to save the AutoIKE key VPN tunnel.
Note: Do not select replay detection if you have also selected Null Authentication for the P2 Proposal.
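As an added example (not Fortinet's code or the FortiGate CLI), the following Python models the phase 2 settings from steps 4 to 12 and checks a candidate configuration against the limits stated above, including the keylife expiry rule and the Null Authentication note; the dictionary keys and the SAMPLE values are assumptions.

```python
# Added example, not Fortinet code: model the phase 2 settings from steps 4-12
# and check a candidate configuration against the limits stated in the manual.

KEYLIFE_SECONDS = (120, 172800)   # documented P2 keylife range in seconds
KEYLIFE_KBYTES = (5120, 99999)    # documented P2 keylife range in kbytes


def check_p2_config(cfg):
    """Return the problems found; an empty list means the settings are acceptable."""
    problems = []
    n_gw = len(cfg.get("remote_gateways", []))
    if cfg.get("remote_gateway_type") == "dialup" and n_gw != 1:
        problems.append("a DIALUP tunnel takes exactly one remote gateway")
    elif cfg.get("remote_gateway_type") == "static" and not 1 <= n_gw <= 3:
        problems.append("a STATIC tunnel takes one to three remote gateways")
    proposals = cfg.get("proposals", [])
    if not 1 <= len(proposals) <= 3:
        problems.append("select one to three P2 proposals")
    # Note at the end of the procedure: replay detection needs real authentication.
    if cfg.get("replay_detection") and any(auth == "null" for _, auth in proposals):
        problems.append("replay detection cannot be combined with Null Authentication")
    keylife = cfg.get("keylife", {})
    if not keylife:
        problems.append("keylife must be set in seconds, kbytes, or both")
    if "seconds" in keylife and not KEYLIFE_SECONDS[0] <= keylife["seconds"] <= KEYLIFE_SECONDS[1]:
        problems.append("keylife seconds must be 120-172800")
    if "kbytes" in keylife and not KEYLIFE_KBYTES[0] <= keylife["kbytes"] <= KEYLIFE_KBYTES[1]:
        problems.append("keylife kbytes must be 5120-99999")
    return problems


def key_expired(keylife, elapsed_seconds, processed_kbytes):
    """Step 9 semantics: when both limits are set, the key expires only once BOTH are reached."""
    reached = []
    if "seconds" in keylife:
        reached.append(elapsed_seconds >= keylife["seconds"])
    if "kbytes" in keylife:
        reached.append(processed_kbytes >= keylife["kbytes"])
    return bool(reached) and all(reached)


def peers_agree(local, remote):
    """Steps 5 and 8: both peers must use the same P2 proposals and DH groups."""
    return (set(local["proposals"]) == set(remote["proposals"])
            and set(local["dh_groups"]) == set(remote["dh_groups"]))


SAMPLE = {  # constructed configuration for a single STATIC peer (assumed key names)
    "remote_gateway_type": "static", "remote_gateways": ["branch_gw"],
    "proposals": [("aes128", "sha1"), ("3des", "md5")], "dh_groups": [5],
    "replay_detection": True, "pfs": True, "keylife": {"seconds": 1800, "kbytes": 5120},
}
```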