Fortinet FortiGate-100A Operating Instructions

01-28006-0068-20041105
Fortinet Inc.
Phase 2 list
VPN
Phase 2
You configure the AutoIKE phase 2 settings to specify the parameters used to create 
and maintain a VPN tunnel between the local VPN peer (the FortiGate unit) and the 
remote VPN peer (the VPN gateway or client).
In most cases, you only need to configure the basic phase 2 settings.
To configure phase 2 settings
1. Go to VPN > IPSEC > Phase 2.
2. Select Create New to create a new VPN tunnel or select an existing tunnel to configure.
Phase 2 list
Figure 123: IPSec VPN Phase 2 list
XAuth: Enable as Server
Server type
Select the type of encryption method used between the XAuth client, the 
FortiGate unit and the authentication server.
PAP: Password Authentication Protocol.
CHAP: Challenge-Handshake Authentication Protocol.
MIXED: Select MIXED to use PAP between the XAuth client and the 
FortiGate unit, and CHAP between the FortiGate unit and the 
authentication server.
Use CHAP whenever possible. Use PAP if the authentication server does 
not support CHAP (use PAP with all implementations of LDAP and some 
implementations of Microsoft RADIUS). Use MIXED if the authentication 
server supports CHAP but the XAuth client does not (use MIXED with the 
Fortinet Remote VPN Client).
User Group
Select a group of users to be authenticated by XAuth. The individual users 
within the group can be authenticated locally or by one or more LDAP or 
RADIUS servers. 
The user group must be added to the FortiGate configuration before it can 
be selected here. 
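The difference between the PAP and CHAP server types described above, as an added example that is not part of the Fortinet manual and does not model the FortiGate XAuth implementation. The function names, the dictionary message layout and the sample account are hypothetical; the CHAP value follows RFC 1994 (MD5 over identifier, secret and challenge).

```python
import hashlib
import hmac
import os

# Added illustration; names and message layout are hypothetical.
# The account below is constructed sample data.
USER, SECRET = "vpnuser", "constructed-sample-secret"


def pap_request(user: str, password: str) -> dict:
    """PAP: the authenticate request carries the password itself."""
    return {"user": user, "password": password}


def pap_verify(request: dict, stored_password: str) -> bool:
    return hmac.compare_digest(request["password"].encode(), stored_password.encode())


def chap_challenge() -> dict:
    """Authenticator side: one-octet identifier plus a fresh random challenge."""
    return {"id": os.urandom(1)[0], "challenge": os.urandom(16)}


def _chap_value(ident: int, secret: str, challenge: bytes) -> bytes:
    # RFC 1994: MD5 over identifier || secret || challenge.
    return hashlib.md5(bytes([ident]) + secret.encode() + challenge).digest()


def chap_response(challenge: dict, user: str, secret: str) -> dict:
    """Peer side: only the hash leaves the client, never the secret."""
    value = _chap_value(challenge["id"], secret, challenge["challenge"])
    return {"id": challenge["id"], "user": user, "value": value}


def chap_verify(challenge: dict, response: dict, stored_secret: str) -> bool:
    """The verifier must hold the secret itself to recompute the hash."""
    expected = _chap_value(challenge["id"], stored_secret, challenge["challenge"])
    return response["id"] == challenge["id"] and hmac.compare_digest(response["value"], expected)


if __name__ == "__main__":
    print("PAP message:", pap_request(USER, SECRET))  # password visible in the message
    first = chap_challenge()
    answer = chap_response(first, USER, SECRET)
    print("CHAP message:", answer["value"].hex())
    print("accepted:", chap_verify(first, answer, SECRET))
    print("old answer, new challenge:", chap_verify(chap_challenge(), answer, SECRET))
```

Because the verifier recomputes the hash from the secret, CHAP only works where the authentication server can supply that secret; a server that can only check a presented password needs PAP.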
Create New
Select Create New to add a Phase 2 configuration, also called a VPN 
tunnel.
Tunnel Name
The names of the Phase 2 configurations (VPN tunnels) added.
Remote Gateway
The name of the remote gateway (phase 1 configuration) associated 
with this phase 2 configuration.
Lifetime (sec/kb)
The tunnel key lifetime.