Chapter 11 IPsec VPN for FortiOS 5.0 : Supporting IKE Mode config clients : Configuring an IKE Mode Config server
  
Configuring an IKE Mode Config server
If the FortiGate unit will accept connection requests from dialup clients that support IKE Mode Config, the following vpn ipsec phase1-interface settings are required before any other configuration is attempted:
Variable
Description
ike-version 1
IKE v1 is the default for FortiGate IPsec VPNs.
IKE Mode Config is also compatible with IKE v2
(RFC 4306).
mode-cfg enable
Enable IKE Mode Config.
type dynamic
Any other setting creates an IKE Mode Config client.
interface <interface_name>
This is a regular IPsec VPN field. Specify the physical, aggregate, or VLAN interface to which the IPsec tunnel will be bound.
proposal <encryption_combination>
This is a regular IPsec VPN field that determines the encryption and authentication settings that the server will accept. For more information, see “Defining IKE negotiation parameters”.
ip-version <4 | 6>
This is a regular IPsec VPN field. By default, IPsec VPNs use IPv4 addressing. You can set ip‑version to 6 to create a VPN with IPv6 addressing.
For a complete list of available variables, see the CLI Reference.
After you have enabled the basic configuration, you can configure:
IP address assignment for clients
DNS and WINS server assignment