FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 14 - IPsec VPN > Supporting IKE Mode config clients > Example FortiGate unit as IKE Mode Config server

Example FortiGate unit as IKE Mode Config server

In this example, the FortiGate unit assigns IKE Mode Config clients addresses in the range of through DNS and WINS server addresses are also provided. The public interface of the FortiGate unit is Port 1.

When IKE Mode-Configuration is enabled, multiple server IPs can be defined in IPsec Phase 1.

The ipv4-split-include variable specifies a firewall address that represents the networks to which the clients will have access. This destination IP address information is sent to the clients.

Only the CLI fields required for IKE Mode Config are shown here. For detailed information about these variables, see the FortiGate CLI Reference.

config vpn ipsec phase1-interface

edit "vpn-p1"

set type dynamic

set interface "wan1"

set xauthtype auto

set mode aggressive

set mode-cfg enable

set proposal 3des-sha1 aes128-sha1

set dpd disable

set dhgrp 2

set xauthexpire on-rekey

set authusrgrp "FG-Group1"

set ipv4-start-ip

set ipv4-end-ip

set ipv4-dns-server1

set ipv4-dns-server2

set ipv4-dns-server3

set ipv4-wins-server1

set ipv4-wins-server2

set domain "fgt1c-domain"

set banner "fgt111C-banner"

set backup-gateway "" "" "host2"

set ipv4-split-include OfficeLAN