Fortinet fortigate-200a Operating Instructions
VPN
CLI configuration
FortiGate-300A Administration Guide
01-28006-0092-20041105
Example
Use the following command to edit an IPSec VPN phase 1 configuration with the
following characteristics:
• Phase 1 configuration name: Simple_GW
• Remote peer address type: Dynamic
• Encryption and authentication proposal: des-md5
• Authentication method: psk
• Pre-shared key: Qf2p3O93jIj2bz7E
• Mode: aggressive
• Dead Peer Detection: enable
• Long idle: 1000
• Short idle: 150
• Retry count: 5
• Retry interval: 30
config vpn ipsec phase1
edit Simple_GW
set type dynamic
set proposal des-md5
set authmethod psk
set psksecret Qf2p3O93jIj2bz7E
set mode aggressive
set dpd enable
set dpd-idlecleanup 1000
set dpd-idleworry 150
set dpd-retrycount 5
set dpd-retryinterval 30
end
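An added example, not part of the Fortinet guide: a small Python check that parses `config vpn ipsec phase1` entries in the syntax shown above and flags the settings in this sample that a configuration review would question (single DES, MD5, aggressive mode combined with a pre-shared key, and a key present in the pasted text). The function names and finding labels are assumptions made for this illustration.

```python
# Constructed sample: the phase 1 example from this page, as typed at the CLI.
SAMPLE = """\
config vpn ipsec phase1
edit Simple_GW
set type dynamic
set proposal des-md5
set authmethod psk
set psksecret Qf2p3O93jIj2bz7E
set mode aggressive
set dpd enable
end
"""

def parse_phase1(text):
    """Return {entry_name: {keyword: value}} for every 'edit' entry in phase1 blocks."""
    entries, current, in_block = {}, None, False
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[:4] == ["config", "vpn", "ipsec", "phase1"]:
            in_block = True
        elif tok[0] == "end":
            in_block, current = False, None
        elif in_block and tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(tok[1], {})
        elif in_block and current is not None and tok[0] == "set" and len(tok) > 2:
            current[tok[1].lower()] = " ".join(tok[2:])  # a repeated keyword: last value wins
    return entries

def audit(settings):
    """Return a sorted list of finding labels (hypothetical names) for one entry."""
    findings = set()
    for prop in settings.get("proposal", "").split():
        enc, _, auth = prop.partition("-")
        if enc == "des":
            findings.add("weak-encryption:des")   # 56-bit key
        if auth == "md5":
            findings.add("weak-hash:md5")
    # Aggressive mode sends a PSK-derived hash before the peer is authenticated.
    if settings.get("mode") == "aggressive" and settings.get("authmethod") == "psk":
        findings.add("aggressive-mode-psk")
    # The secret is readable in any saved or shared copy of this command text.
    if "psksecret" in settings:
        findings.add("psk-in-cleartext-config")
    return sorted(findings)
```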
ipsec phase2
In addition to the advanced IPSec Phase 2 settings, the config vpn ipsec
phase2 CLI command provides a way to bind the VPN tunnel selected in a Phase 2
configuration to a specific network interface. This setting may be required under
special circumstances to disable channel redundancy, but is not required for most
configurations.
Command syntax pattern
config vpn ipsec phase2
edit <name_str>
set <keyword> <variable>
end
config vpn ipsec phase2
edit <name_str>
unset <keyword>
end