Fortinet fortigate-200a Betriebsanweisung
250
01-28006-0092-20041105
Fortinet Inc.
Phase 1
VPN
Phase 1 advanced options
Figure 122:Phase 1 advanced settings
Pre-shared Key If you select Preshared Key for Authentication Method, enter the preshared
key.
The key must contain at least 6 printable characters and should only be
The key must contain at least 6 printable characters and should only be
known by network administrators. For optimum protection against currently
known attacks, the key should consist of a minimum of 16 randomly chosen
alphanumeric characters.
The VPN peers must use the same preshared key.
The VPN peers must use the same preshared key.
Certificate
Name
Name
If you select RSA Signature for Authentication Method, enter the name of the
digital certificate. For information on how to use digital certificates, see
Peer Options
Depending on the Remote Gateway and Mode settings, you may have a
choice of peer options to authenticate remote dialup clients or VPN peers with
local IDs, peer IDs, or certificate names. The local ID, peer ID, or certificate
name that you specify must match the local ID, peer ID, or certificate name of
the remote client or peer for the remote client or peer to start a VPN session
with the FortiGate unit.
•
•
Select Accept any peer ID to accept the local ID or peer ID of any remote
client or VPN peer.
client or VPN peer.
•
Select Accept this peer ID to accept a remote client or group that has a
particular local ID or peer ID. Enter the value.
particular local ID or peer ID. Enter the value.
•
Select Accept peer ID in dialup group to accept remote clients that belong
to a particular dialup group. Select the group of dialup users.
to a particular dialup group. Select the group of dialup users.
•
Select Accept this peer certificate only to accept a remote client or group
that has a particular digital certificate. The certificate must be added to the
FortiGate configuration through the config user peer CLI command
before it can be selected here. For more information, see the “config user”
chapter of the CLI Reference Guide. See also
that has a particular digital certificate. The certificate must be added to the
FortiGate configuration through the config user peer CLI command
before it can be selected here. For more information, see the “config user”
chapter of the CLI Reference Guide. See also
.
•
Select Accept this peer certificate group only to accept a group of
certificate holders. The group must be added to the FortiGate
configuration through the config user peer and config user
peergrp CLI commands before it can be selected here. For more
information, see the “config user” chapter of the CLI Reference Guide.
certificate holders. The group must be added to the FortiGate
configuration through the config user peer and config user
peergrp CLI commands before it can be selected here. For more
information, see the “config user” chapter of the CLI Reference Guide.