Chapter 11 IPsec VPN for FortiOS 5.0 : Supporting IKE Mode config clients : Configuring IKE Mode Config : Configuring an IKE Mode Config client
  
Configuring an IKE Mode Config client
If the FortiGate unit will connect as a dialup client to a remote gateway that supports IKE Mode Config, the relevant vpn ipsec phase1-interface variables are as follows:
Variable
Description
ike-version 1
IKE v1 is the default for FortiGate IPsec VPNs.
IKE Mode Config is also compatible with IKE v2
(RFC 4306).
mode-cfg enable
Enable IKE Mode Config.
type {ddns | static}
If you set type to dynamic, an IKE Mode Config server is created.
assign-ip {enable | disable}
Enable to request an IP address from the server.
interface <interface_name>
This is a regular IPsec VPN field. Specify the physical, aggregate, or VLAN interface to which the IPsec tunnel will be bound.
proposal <encryption_combination>
This is a regular IPsec VPN field that determines the encryption and authentication settings that the client will accept. For more information, see “Defining IKE negotiation parameters”.
mode-cfg-ip-version {4|6}
Select if the Method client receives an IPv4 or IPv6 IP address. The default is 4. the ip‑version setting matches this variable’s value.
ip-version <4 | 6>
This is a regular IPsec VPN field. By default, IPsec VPNs use IPv4 addressing. You can set ip‑version to 6 to create a VPN with IPv6 addressing.
For a complete list of available variables, see the CLI Reference.