Phase 2 configuration
After IPsec phase 1 negotiations end successfully, you begin phase 2. You configure the phase 2 parameters to define the algorithms that the FortiGate unit may use to encrypt and transfer data for the remainder of the session. During phase 2, you select specific IPsec security associations needed to implement security services and establish a tunnel.
The basic phase 2 settings associate IPsec phase 2 parameters with the phase 1 configuration that specifies the remote end point of the VPN tunnel. In most cases, you need to configure only basic phase 2 settings.
To configure Phase 2 settings, go to VPN > Auto Key (IKE) and select Create Phase 2.
Name | Type a name to identify the phase 2 configuration. |
Phase 1 | Select the phase 1 tunnel configuration. For more information on configuring phase 1, see “Phase 1 configuration”. The phase 1 configuration describes how remote VPN peers or clients will be authenticated on this tunnel, and how the connection to the remote peer or client will be secured. |
Advanced | Define advanced phase 2 parameters. For more information, see “Phase 2 advanced configuration settings”. |