


Edit an IPsec tunnel

Select an IPsec tunnel and then select Edit to open the Edit VPN Tunnel page. Configure the following settings in the Edit VPN Tunnel page. After editing each section, select the checkmark icon to save your changes. After you make all of your changes, select OK.

Name: The name of the IPsec tunnel cannot be changed.

Comments: An optional description of the IPsec tunnel.

Remote Gateway: This option is set to Static IP Address for a remote peer that has a static IP address.

Interface: The interface through which remote peers connect to the FortiGate unit that is managed by the FortiProxy unit.

Local Gateway: Enable this option to configure a local gateway and then select Primary IP, Secondary IP, or Specify.

NAT Traversal: Select Enable if a NAT device exists between the local FortiGate unit that is managed by a FortiProxy unit and the VPN peer or client. The local FortiGate unit and the VPN peer or client must have the same NAT traversal setting (both selected or both cleared) to connect reliably. Additionally, you can force IPsec to use NAT traversal. If this option is set to Forced, the FortiGate uses a port value of zero when constructing the NAT discovery hash for the peer. This causes the peer to think it is behind a NAT device, and it will use UDP encapsulation for IPsec even if no NAT is present. This approach maintains interoperability with any IPsec implementation that supports the NAT-T RFC.

Keepalive Frequency: If you selected Enable or Forced for NAT traversal, enter a keep-alive frequency.

Dead Peer Detection: Select On Idle to reestablish VPN tunnels on idle connections and clean up dead IKE peers if required. You can use this option to receive notification whenever a tunnel goes up or down, or to keep the tunnel connection open when no traffic is being generated inside the tunnel. With On Idle or On Demand selected, you can use the config vpn ipsec phase1 (tunnel mode) or config vpn ipsec phase1-interface (interface mode) CLI command to optionally specify a retry count and a retry interval.

Authentication Method:
    Pre-shared Key: A pre-shared key contains at least six random alphanumeric characters. Users of the VPN must obtain the pre-shared key from the person who manages the VPN server and add it to their VPN client configuration.
    Signature: Use one or more certificates for authentication.

Pre-shared Key: If you selected Pre-shared Key for the authentication method, enter the pre-shared key that the FortiGate unit managed by a FortiProxy unit will use to authenticate itself to the remote peer or dialup client during Phase 1 negotiations. You must define the same key at the remote peer or client. The key must contain at least 6 printable characters. For optimum protection against currently known attacks, the key must consist of a minimum of 16 randomly chosen alphanumeric characters.

Certificate Name: If you selected Signature for the authentication method, select + and then select one or more certificates that the FortiGate unit managed by a FortiProxy unit will use to authenticate itself.

Mode: Select Aggressive or Main (ID protection):
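As an added example (not taken from the original page or from Fortinet's documentation), the following FortiOS CLI fragment sets the same options for an interface-mode tunnel, including the NAT traversal, keep-alive and dead peer detection retry settings that the GUI page describes. The tunnel name, interface name, gateway addresses and the key are assumed placeholders; replace them with your own values.

```fortios
# Added example. Tunnel name, interface, addresses and key are placeholders.
config vpn ipsec phase1-interface
    edit "branch-to-hq"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set local-gw 198.51.100.2
        # Main mode (ID protection); Aggressive is the alternative.
        set mode main
        set authmethod psk
        # Use at least 16 randomly chosen alphanumeric characters; the same
        # value must be configured on the remote peer or client.
        set psksecret "<16+ random alphanumeric characters>"
        # forced: peer always uses UDP encapsulation even without NAT;
        # both sides must agree on the NAT traversal setting.
        set nattraversal forced
        # NAT-T keep-alive frequency in seconds.
        set keepalive 10
        # Dead peer detection on idle connections, with the retry
        # count and interval (seconds) mentioned on the page.
        set dpd on-idle
        set dpd-retrycount 3
        set dpd-retryinterval 10
    next
end
```

The matching remote peer must carry the same psksecret and the same nattraversal choice; a mismatch on either side is the usual cause of a Phase 1 negotiation that never completes. For a tunnel-mode (policy-based) VPN, the same settings go under config vpn ipsec phase1 instead.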
