Phase 1, Phase 1 list – Fortinet 100A User Manual

Page 246


246

01-28007-0068-20041203

Fortinet Inc.


Phase 1

The basic phase 1 settings associate IPSec phase 1 parameters with a remote
gateway and determine:

• whether the various phase 1 parameters will be exchanged in multiple rounds with encrypted authentication information (main mode) or in a single message with authentication information that is not encrypted (aggressive mode)

• whether a preshared key or digital certificates will be used to authenticate the identities of the two VPN peers

• whether a peer identifier, certificate distinguished name, or group name will be used to identify the remote peer or client when a connection attempt is made

In phase 1, the two VPN peers exchange keys to establish a secure communication
channel between them. The advanced P1 Proposal parameters select the encryption
and authentication algorithms that are used to generate the keys. Additional advanced
phase 1 settings can be selected to ensure the smooth operation of phase 1
negotiations.
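To make the mode and authentication choices above concrete, the following audit script is an added example; it is not part of this manual and not FortiOS code. It checks a constructed list of phase 1 entries for the combinations the text describes: aggressive mode exchanges peer identities and authentication data before the channel is encrypted, and combined with a preshared key that exposes the key-derived authentication hash to offline guessing, while main mode with a preshared key on a Dialup gateway means every dialup client must share the same key, because the responder selects the key before it sees the peer's identity. The Phase1 record fields mirror the Phase 1 list columns but are assumptions, and the sample entries are constructed.

```python
"""Audit IPSec phase 1 entries for IKEv1 mode/authentication combinations.

Example code with constructed data. The Phase1 fields are assumptions that
mirror the FortiGate Phase 1 list columns; they are not a FortiGate export format.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Phase1:
    gateway_name: str
    gateway_ip: str   # IP address, domain name, or "Dialup" (assumed field)
    mode: str         # "Main" or "Aggressive"
    auth: str         # "preshared" or "certificate" (assumed values)
    peer_id: str      # "none", "peer-id", "dn", or "group" (assumed values)


def audit_phase1(entry: Phase1) -> list[str]:
    """Return a list of findings for one phase 1 entry (empty means no concern)."""
    findings: list[str] = []
    mode = entry.mode.strip().lower()
    auth = entry.auth.strip().lower()
    dialup = entry.gateway_ip.strip().lower() == "dialup"

    if mode == "aggressive":
        # Identities and authentication payloads travel in the single first
        # exchange, before any encryption has been negotiated.
        findings.append("aggressive mode: peer identities and authentication "
                        "data are sent before the channel is encrypted")
        if auth == "preshared":
            # The PSK-derived hash is observable on the wire and can be guessed
            # offline; certificates or main mode avoid this exposure.
            findings.append("aggressive mode with a preshared key exposes the "
                            "key-derived hash to offline guessing; prefer main "
                            "mode or certificate authentication")
    elif mode == "main":
        if auth == "preshared" and dialup:
            # In main mode the responder must pick the PSK by source address,
            # before the peer's identity is visible, so dialup clients cannot
            # each have their own key.
            findings.append("main mode with a preshared key on a Dialup gateway: "
                            "all dialup clients must share one preshared key")
    else:
        findings.append(f"unknown mode {entry.mode!r}; expected Main or Aggressive")

    if auth not in ("preshared", "certificate"):
        findings.append(f"unknown authentication method {entry.auth!r}")
    return findings


def audit_all(entries: list[Phase1]) -> dict[str, list[str]]:
    """Map each gateway name to its findings, so a reviewer can scan the list."""
    return {e.gateway_name: audit_phase1(e) for e in entries}


# Constructed sample entries (RFC 5737 / example addresses, not real peers).
SAMPLE_ENTRIES = [
    Phase1("Branch_HQ", "203.0.113.10", "Main", "certificate", "dn"),
    Phase1("Road_Warriors", "Dialup", "Aggressive", "preshared", "peer-id"),
    Phase1("Partner", "vpn.example.net", "Aggressive", "certificate", "dn"),
    Phase1("Legacy", "Dialup", "Main", "preshared", "none"),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ENTRIES).items():
        status = "ok" if not findings else f"{len(findings)} finding(s)"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

Run it as a script to print one line per gateway; the Branch_HQ entry (main mode, certificates, static peer) produces no findings, which is the combination the bullets above describe as exchanging authentication information encrypted and without a shared secret.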

To configure phase 1 settings

1  Go to VPN > IPSEC > Phase 1.

2  Follow the general guidelines in these sections:

   “Phase 1 list” on page 246
   “Phase 1 basic settings” on page 247
   “Phase 1 advanced settings” on page 249

For information about how to choose the correct phase 1 settings for your particular situation, refer to the FortiGate VPN Guide.

Phase 1 list

Figure 120: IPSec VPN Phase 1 list

Note: The procedures in this section assume that you want the FortiGate unit to generate unique IPSec encryption and authentication keys automatically. In situations where a remote VPN peer requires a specific IPSec encryption and/or authentication key, you must configure the FortiGate unit to use manual keys instead. For more information, see “Manual key” on page 253.

Create New      Select Create New to create a new phase 1 configuration.

Gateway Name    The names of existing phase 1 configurations.

Gateway IP      The IP address or domain name of a remote peer, or Dialup for a dialup client.

Mode            Main or Aggressive.
