Node Type | Select either HUB or Spoke from the drop-down list. Note: This menu item is available when Topology is Star or Dial up. |
Gateway Name | Enter the gateway name. |
Gateway IP | Select the gateway IP address from the drop-down list. |
Hub IP | Select the hub IP address from the drop-down list. Note: This menu item is available when Topology is Star or Dial up and Node Type is HUB. |
Create Phase2 per Protected Subnet Pair | Select the checkbox to create a phase2 per protected subnet pair. |
Peer Type | Select the peer type. Select one of the following: • Accept any peer ID • Accept this peer ID (enter the peer ID in the text field) • Accept a dialup group (select the group from the drop-down list) A Local ID is an alphanumeric value assigned in the Phase 1 configuration. The Local ID of a peer is called a Peer ID. The Local ID or peer ID can be used to uniquely identify one end of a VPN tunnel, which enables a more secure connection. If multiple VPN tunnels are negotiating, it also ensures that the proper remote and local ends connect. When you configure it on your end, it is your Local ID; when the remote end connects to you, it sees it as your peer ID. The Local ID is part of the VPN negotiations, so when you are debugging a VPN connection you can use it to help troubleshoot connection problems. The default configuration is to accept all local IDs (peer IDs). If you have the Local ID set, the remote end of the tunnel must be configured to accept your Local ID. Note: This menu item is available when Topology is Dial up. |
Protected Subnet | Select the address or address group from the drop-down list and select the plus (+) icon to add the entry. You can add multiple entries. |
Local Gateway | Enter the local gateway in the text field. |
Node Type | Select either HUB or Spoke from the drop-down list. Note: This menu item is available when Topology is Star or Dial up. | |
Device | Select the device from the drop-down list. | |
Default VPN Interface | Select the default VPN interface from the drop-down list. | |
Hub-to-Hub Interface | Select the hub-to-hub interface from the drop-down list. This field is mandatory for multiple hubs. Note: This menu item is available when Topology is Star or Dial up and Node Type is HUB. | |
Peer Type | Select the peer type. Select one of the following: • Accept any peer ID • Accept this peer ID (enter the peer ID in the text field) • Accept a dialup group (select the group from the drop-down list) Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
Routing | Select either Manual (via Device Manager) or Automatic. | |
Summary Network(s) | Select the address or address group from the drop-down list, select the priority and select the plus (+) icon to add the entry. You can add multiple entries. Note: This menu item is available when Topology is Star or Dial up and Node Type is HUB. | |
Protected Subnet | Select the address or address group from the drop-down list and select the plus (+) icon to add the entry. You can add multiple entries. | |
Enable IKE Configuration Method (“mode config”) | Select to enable IKE Configuration Method. Note: This menu item is available when Topology is Dial up. | |
Enable IP Assignment | Select to enable IP assignment. Note: This menu item is available when Topology is Dial up. | |
IP Assignment Mode | Select either Range or User Group from the drop-down list. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
IP Assignment Type | Select either IP or Subnet from the drop-down list. Note: This menu item is available when Topology is Dial up, Node Type is HUB, and IP Assignment Mode is Range. | |
IPv4 Start IP | Enter the IPv4 start IP address. Note: This menu item is available when Topology is Dial up, Node Type is HUB, and IP Assignment Mode is Range. | |
IPv4 End IP | Enter the IPv4 end IP address. Note: This menu item is available when Topology is Dial up, Node Type is HUB, and IP Assignment Mode is Range. | |
IPv4 Netmask | Enter the IPv4 network mask. Note: This menu item is available when Topology is Dial up, Node Type is HUB, and IP Assignment Mode is Range. | |
Add Route | Select the checkbox to add a route for this entry. Note: This menu item is available when Topology is Dial up. | |
DNS Server #1 | Enter the DNS server IP address to provide to IKE Configuration Method clients. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
DNS Server #2 | Enter the DNS server IP address to provide to IKE Configuration Method clients. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
DNS Server #3 | Enter the DNS server IP address to provide to IKE Configuration Method clients. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
WINS Server #1 | Enter the WINS server IP address to provide to IKE Configuration Method clients. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
WINS Server #2 | Enter the WINS server IP address to provide to IKE Configuration Method clients. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
IPv4 Split include | Select the address or address group from the drop-down list. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
Local Gateway | Enter the local gateway in the text field. | |
Exclusive IP Range | Enter the start IP and end IP and select the plus (+) icon to add the entry. You can add multiple entries. Note: This menu item is available when Topology is Dial up and Node Type is HUB. | |
Advanced Options | For more information on advanced options, see the FortiOS 5.0 CLI Reference. | |
authpasswd | Enter the XAuth client password for the FortiGate. Note: This field is available when xauthtype is set to client. | |
authusr | Enter the XAuth client user name for the FortiGate. Note: This field is available when xauthtype is set to client. | |
authusrgrp | Select the authentication user group from the drop-down list. Note: This field is available when xauthtype is set to auto, pap, or chap. When the FortiGate unit is configured as an XAuth server, enter the user group to authenticate remote VPN peers. The user group can contain local users, LDAP servers, and RADIUS servers. The user group must be added to the FortiGate configuration before the group name can be cross-referenced. | |
banner | Enter the banner value. Specify a message to send to IKE Configuration Method clients. Some clients display this message to users. This is available if mode-cfg (IKE Configuration Method) is enabled. | |
dns-mode | Select either manual or auto from the drop-down list. • auto: Assign DNS servers in the following order: (1) servers assigned to the interface by DHCP, (2) per-VDOM assigned DNS servers, (3) global DNS servers. • manual: Use the DNS servers specified in DNS Server 1, DNS Server 2, etc. | |
domain | Enter the domain value. | |
public-ip | Enter the public IP value. Use this field to configure a VPN with dynamic interfaces. Set public-ip to the dynamically assigned PPPoE address, which remains static and does not change over time. See “VPN Console supports NAT device with a public IP feature” for more information. | |
unity-support | Select either enable or disable from the drop-down list. | |
xauthtype | Select the XAuth type from the drop-down list. Select one of: disable, client, pap, chap, or auto. |
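
The Peer Type, Local ID and XAuth settings described in the table, written out as FortiOS CLI for a dial-up hub and one spoke. This is an added example, not taken from the original guide: the tunnel names, interface, address, group name and credentials are constructed placeholders, and only the identity and XAuth settings are shown (mode, proposals and the phase 1 authentication method are omitted).

```fortios
# Added example: all names, addresses and credentials are constructed placeholders.

# Hub, default Peer Type: any peer ID is accepted.
config vpn ipsec phase1-interface
    edit "dialup-hub"
        set type dynamic
        set interface "wan1"
        set peertype any
    next
end

# Hub, restricted: accept only the peer ID "branch-01" and act as XAuth server
# for members of the user group "vpn-users" (the group must already exist).
config vpn ipsec phase1-interface
    edit "dialup-hub"
        set peertype one
        set peerid "branch-01"
        set xauthtype auto
        set authusrgrp "vpn-users"
    next
end

# Spoke: send "branch-01" as the Local ID (the hub sees it as the peer ID)
# and authenticate as an XAuth client.
config vpn ipsec phase1-interface
    edit "to-hub"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set localid "branch-01"
        set xauthtype client
        set authusr "branch01-xauth"
        set authpasswd <xauth-password>
    next
end
```

With the restricted hub configuration, a spoke whose Local ID does not match the configured peer ID fails phase 1 negotiation, which is the first thing to compare when troubleshooting a dial-up tunnel that will not come up.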