Example FortiGate unit as IKE Mode Config server

In this example, the FortiGate unit assigns IKE Mode Config clients addresses in the range of 10.11.101.160 through 10.11.101.180. DNS and WINS server addresses are also provided. The public interface of the FortiGate unit is Port 1.

When IKE Mode-Configuration is enabled, multiple server IPs can be defined in IPsec Phase 1.

The ipv4-split-include variable specifies a firewall address that represents the networks to which the clients will have access. This destination IP address information is sent to the clients.

Only the CLI fields required for IKE Mode Config are shown here. For detailed information about these variables, see the FortiGate CLI Reference.

config vpn ipsec phase1-interface
    edit "vpn-p1"
        set type dynamic
        set interface "wan1"
        set xauthtype auto
        set mode aggressive
        set mode-cfg enable
        set proposal 3des-sha1 aes128-sha1
        set dpd disable
        set dhgrp 2
        set xauthexpire on-rekey
        set authusrgrp "FG-Group1"
        set ipv4-start-ip 10.10.10.10
        set ipv4-end-ip 10.10.10.20
        set ipv4-dns-server1 1.1.1.1
        set ipv4-dns-server2 2.2.2.2
        set ipv4-dns-server3 3.3.3.3
        set ipv4-wins-server1 4.4.4.4
        set ipv4-wins-server2 5.5.5.5
        set domain "fgt1c-domain"
        set banner "fgt111C-banner"
        set backup-gateway "100.100.100.1" "host1.com" "host2"
        set ipv4-split-include OfficeLAN
end
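
The following Python check is an added example, not part of the FortiOS documentation: it parses a phase1-interface block like the listing above and reviews what the unit hands to IKE Mode Config clients (address pool, DNS and WINS servers, split-include). The function names, the optional expected_pool argument and the trimmed sample input are assumptions made for illustration.

```python
import ipaddress
import shlex

# Constructed sample: the Mode Config lines from the listing above (trimmed).
SAMPLE = """config vpn ipsec phase1-interface
    edit "vpn-p1"
        set mode-cfg enable
        set ipv4-start-ip 10.10.10.10
        set ipv4-end-ip 10.10.10.20
        set ipv4-dns-server1 1.1.1.1
        set ipv4-split-include OfficeLAN
end"""

def parse_phase1(text):
    """Return {entry name: {option: [values]}} for every 'edit' entry."""
    entries, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles quoted names and multi-value options
        if tokens[:1] == ["edit"] and len(tokens) == 2:
            current = entries.setdefault(tokens[1], {})
        elif tokens[:1] == ["set"] and len(tokens) > 2 and current is not None:
            current[tokens[1]] = tokens[2:]
        elif tokens[:1] in (["next"], ["end"]):
            current = None
    return entries

def audit_mode_cfg(opts, expected_pool=None):
    """Return findings about what one phase 1 entry hands to clients."""
    if opts.get("mode-cfg") != ["enable"]:
        return ["mode-cfg is not enabled"]
    try:
        start = ipaddress.IPv4Address(opts["ipv4-start-ip"][0])
        end = ipaddress.IPv4Address(opts["ipv4-end-ip"][0])
    except (KeyError, ValueError):
        return ["ipv4-start-ip or ipv4-end-ip is missing or not IPv4"]
    findings = []
    if start > end:
        findings.append("ipv4-start-ip is above ipv4-end-ip")
    if expected_pool and (str(start), str(end)) != tuple(expected_pool):
        findings.append(f"pool {start}-{end} is not the expected "
                        f"{expected_pool[0]}-{expected_pool[1]}")
    for key, values in opts.items():
        if key.startswith(("ipv4-dns-server", "ipv4-wins-server")):
            try:
                ipaddress.IPv4Address(values[0])
            except ValueError:
                findings.append(f"{key} is not a valid IPv4 address")
    if "ipv4-split-include" not in opts:
        findings.append("no ipv4-split-include: no networks are sent to clients")
    return findings
```

Passing the intended range as expected_pool, for example `audit_mode_cfg(parse_phase1(cfg)["vpn-p1"], ("10.11.101.160", "10.11.101.180"))`, reports any difference between the planned pool and the one actually configured.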