Chapter 11 IPsec VPN for FortiOS 5.0 : IPsec VPN in the web-based manager
  
IPsec VPN in the web-based manager
The IPsec VPN menu in FortiOS provides settings to configure an IPsec VPN. IPsec VPNs are configured by using the general procedure below. With these steps, your FortiGate unit will automatically generate unique IPsec encryption and authentication keys.
1. Define phase 1 parameters to authenticate remote peers and clients for a secure connection. See “Phase 1 configuration”.
2. Define phase 2 parameters to create a VPN tunnel with a remote peer or dialup client. See “Phase 2 configuration”.
3. Create a security policy to permit communication between your private network and the VPN. Policy-based VPNs have a security policy action of IPSEC, whereas for interface-based VPNs the security policy action is ACCEPT. See “Defining VPN security policies”.
The FortiGate unit implements the Encapsulating Security Payload (ESP) protocol. Internet Key Exchange (IKE) is performed automatically based on pre-shared keys or X.509 digital certificates. Interface mode, supported in NAT mode only, creates a virtual interface for the local end of a VPN tunnel.
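The three steps above, written out as the equivalent FortiOS CLI configuration for an interface-based tunnel. This is an added example, not taken from the original page. The tunnel names, interface names, addresses and key placeholder are assumptions chosen for illustration.

```fortios
# Constructed example: "to-branch", "wan1", "internal", the 203.0.113.2 peer
# and the subnets are illustrative values, not values from this page.

# Step 1: phase 1 authenticates the remote peer (pre-shared key here).
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set remote-gw 203.0.113.2
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <pre-shared-key>
    next
end

# Step 2: phase 2 creates the tunnel and binds it to the phase 1 above.
# Narrow selectors limit what the peer may send through the tunnel.
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
        set proposal aes256-sha256
        set src-subnet 10.1.1.0 255.255.255.0
        set dst-subnet 10.2.2.0 255.255.255.0
    next
end

# Step 3: security policy. In interface mode the tunnel is a virtual
# interface, so it is used as dstintf and the action is accept.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "to-branch"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Policy-based variant: phase 1 and phase 2 are defined under
# "config vpn ipsec phase1" / "config vpn ipsec phase2", and the policy uses
#     set action ipsec
#     set vpntunnel "to-branch"
# with the physical interface (here "wan1") as dstintf.
```

An interface-based tunnel also needs a route that sends the remote subnet to the tunnel interface, and a second policy in the reverse direction if the remote side initiates traffic.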
This topic contains the following:
Auto Key (IKE)
Manual Key
Concentrator