Example: FortiGate unit as IKE Mode Config server

Chapter 11 IPsec VPN for FortiOS 5.0 : Supporting IKE Mode config clients : Example: FortiGate unit as IKE Mode Config server

In this example, the FortiGate unit assigns IKE Mode Config clients addresses in the range of 10.11.101.160 through 10.11.101.180. DNS and WINS server addresses are also provided. The public interface of the FortiGate unit is Port 1.

The ipv4-split-include variable specifies a firewall address that represents the networks to which the clients will have access. This destination IP address information is sent to the clients.

Only the CLI fields required for IKE Mode Config are shown here. For detailed information about these variables, see the FortiGate CLI Reference.

config vpn ipsec phase1-interface

edit vpn1

set ip-version 4

set type dynamic

set interface port1

set proposal 3des-sha1 aes128-sha1

set mode-cfg enable

set mode-cfg-ipversion 4

set assign-ip enable

set assign-ip-type ip

set assign-ip-from range

set ipv4-start-ip 10.11.101.160

set ipv4-end-ip 10.11.101.180

set ipv4-netmask 255.255.255.0

set dns-server1 10.11.101.199

set dns-server2 66.11.168.195

set wins-server1 10.11.101.191

set domain example

set ipv4-split-include OfficeLAN

end