fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Supporting IKE Mode config clients Configuring IKE Mode Config<br />
Variable Description<br />
interface<br />
<br />
proposal<br />
<br />
After you have enabled the basic configuration, you can configure:<br />
IP address assignment for clients<br />
DNS and WINS server assignment<br />
IP address assignment<br />
Usually you will want to assign IP addresses to clients. The simplest method is to assign<br />
addresses from a specific range, similar to a DHCP server.<br />
If your clients are authenticated by a RADIUS server, you can obtain the user’s IP address<br />
assignment from the Framed-IP-Address attribute. The user must be authenticated using<br />
XAuth.<br />
To assign IP addresses from an address range<br />
If your VPN uses IPv4 addresses,<br />
config vpn <strong>ipsec</strong> phase1-interface<br />
edit vpn1<br />
set mode-cfg-ipversion 4<br />
set assign-ip enable<br />
set assign-ip-type ip<br />
set assign-ip-from range<br />
set ipv4-start-ip <br />
set ipv4-end-ip <br />
set ipv4-netmask <br />
end<br />
If your VPN uses IPv6 addresses,<br />
config vpn <strong>ipsec</strong> phase1-interface<br />
edit vpn1<br />
set mode-cfg-ipversion 6<br />
set assign-ip enable<br />
set assign-ip-type ip<br />
set assign-ip-from range<br />
set ipv6-start-ip <br />
set ipv6-end-ip <br />
end<br />
This is a regular IPsec VPN field. Specify the physical,<br />
aggregate, or VLAN interface to which the IPsec tunnel<br />
will be bound.<br />
This is a regular IPsec VPN field that determines the<br />
encryption and authentication settings that the server<br />
will accept. For more information, see “Defining IKE<br />
negotiation parameters” on page 49.<br />
ip-version This is a regular IPsec VPN field. By default, IPsec<br />
VPNs use IPv4 addressing. You can set ip-version<br />
to 6 to create a VPN with IPv6 addressing.<br />
FortiOS Handbook v3: IPsec VPNs<br />
01-434-112804-20120111 143<br />
http://docs.fortinet.com/