You can configure VPN peers (or a FortiGate dialup server and a VPN client) to generate unique Internet Key Exchange (IKE) keys automatically during the IPsec Phase 1 and Phase 2 exchanges.

When you define Phase 2 parameters, you can choose any set of Phase 1 parameters to set up a secure connection for the tunnel and authenticate the remote peer. Auto Key configuration applies to both route-based and interface-based VPNs.

If you want to control how the IKE negotiation is processed when there is no traffic, as well as the length of time the FortiGate unit waits for negotiations to occur, you can use the negotiation-timeout and auto-negotiate commands in the CLI.

For more information, refer to “Auto-negotiate” and “Autokey Keep Alive”.