Configure the FortiGate dialup client

1. At the FortiGate dialup client, define the phase 1 parameters needed to authenticate the dialup server and establish a secure connection. See “Auto Key phase 1 parameters”. Enter these settings in particular:


Name	Enter a name to identify the VPN tunnel.
Remote Gateway	Select Static IP Address.
IP Address	Type the IP address of the dialup server’s public interface.
Local Interface	Select the interface that connects to the public network.
Mode	The FortiGate dialup client has a dynamic IP address, select Aggressive.
Advanced	Select to view the following options.
Local ID	If you defined a peer ID for the dialup client in the FortiGate dialup server configuration, enter the identifier of the dialup client. The value must be identical to the peer ID that you specified previously in the FortiGate dialup server configuration.
Enable IPsec Interface Mode	If IPsec Interface Mode is enabled, the FortiGate unit creates a virtual IPsec interface for a route-based VPN. Disable this option if you want to create a policy-based VPN. After you select OK to create the phase 1 configuration, you cannot change this setting.


Name	Enter a name to identify this phase 2 configuration.
Phase 1	Select the name of the phase 1 configuration that you defined.

4. Define security policies to permit communication between the private networks through the VPN tunnel. Route-based and policy-based VPNs require different security policies. For detailed information about creating security policies, see “Defining VPN security policies”.