Fortinet FortiGate-50R Installation Instructions

IPSec VPN 
FortiGate-50R Installation and Configuration Guide
AutoIKE IPSec VPNs
FortiGate supports two methods of Automatic Internet Key Exchange (AutoIKE) for 
establishing IPSec VPN tunnels: AutoIKE with pre-shared keys and 
AutoIKE with digital certificates.
General configuration steps for an AutoIKE VPN
An AutoIKE VPN configuration consists of phase 1 and phase 2 configuration 
parameters, the source and destination addresses for both ends of the tunnel, and an 
encrypt policy to control access to the VPN tunnel.
To create an AutoIKE VPN configuration:
1. Add the phase 1 parameters. See 
2. Add the phase 2 parameters. See 
3. Configure an encrypt policy that includes the tunnel, source address, and destination 
   address for both ends of the tunnel. See .
Adding a phase 1 configuration for an AutoIKE VPN
When you add a phase 1 configuration, you define the terms by which the FortiGate 
unit and a remote VPN peer (gateway or client) authenticate themselves to each other 
prior to the establishment of an IPSec VPN tunnel.
The phase 1 configuration is related to the phase 2 configuration. In phase 1 the VPN 
peers are authenticated; in phase 2 the tunnel is established. You have the option to 
use the same phase 1 parameters to establish multiple tunnels. In other words, the 
same remote VPN peer (gateway or client) can have multiple tunnels to the local VPN 
peer (the FortiGate unit).
When the FortiGate unit receives an IPSec VPN connection request, it authenticates 
the VPN peers according to the phase 1 parameters. Then, depending on the source 
and destination addresses of the request, it starts an IPSec VPN tunnel and applies 
an encrypt policy. 
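The relationship described above (one phase 1 reused by several tunnels, each tunnel tied to source and destination addresses by an encrypt policy) can be checked offline before a tunnel is brought up. The following Python check is an added example, not part of the FortiGate guide and not Fortinet code; the dictionary layout, the names gw-a and gw-b, and the rule that the two ends carry mirrored policy addresses are assumptions of the example.

```python
# Added example: offline consistency check for a two-gateway AutoIKE VPN.
# The dictionary layout is hypothetical, not a FortiGate configuration format.
import ipaddress

def lint_end(cfg):
    """One end: each tunnel must name a phase 1, each encrypt policy a tunnel."""
    out = []
    for name, t in cfg["phase2"].items():
        if t["phase1"] not in cfg["phase1"]:
            out.append(f"{cfg['id']}: tunnel {name} uses unknown phase 1 {t['phase1']}")
    for p in cfg["policies"]:
        if p["tunnel"] not in cfg["phase2"]:
            out.append(f"{cfg['id']}: policy {p['src']}->{p['dst']} uses unknown tunnel {p['tunnel']}")
    return out

def selectors(cfg, peer_id):
    """(source, destination) networks of the policies whose tunnel leads to peer_id."""
    pairs = set()
    for p in cfg["policies"]:
        t = cfg["phase2"].get(p["tunnel"])
        p1 = cfg["phase1"].get(t["phase1"]) if t else None
        if p1 and p1["peer"] == peer_id:
            pairs.add((ipaddress.ip_network(p["src"]), ipaddress.ip_network(p["dst"])))
    return pairs

def lint_pair(a, b):
    """Both ends: same phase 1 authentication method, mirrored policy addresses."""
    out = lint_end(a) + lint_end(b)
    m_a = {p["method"] for p in a["phase1"].values() if p["peer"] == b["id"]}
    m_b = {p["method"] for p in b["phase1"].values() if p["peer"] == a["id"]}
    if m_a != m_b:
        out.append(f"phase 1 method differs: {sorted(m_a)} vs {sorted(m_b)}")
    mirrored = {(dst, src) for src, dst in selectors(b, a["id"])}
    for src, dst in sorted(selectors(a, b["id"]) ^ mirrored):
        out.append(f"{src}->{dst} (seen from {a['id']}) is not configured on both ends")
    return out

# Constructed sample: gw-a reuses one phase 1 for two tunnels; gw-b has only one.
SITE_A = {"id": "gw-a", "phase1": {"to-b": {"peer": "gw-b", "method": "psk"}},
          "phase2": {"t1": {"phase1": "to-b"}, "t2": {"phase1": "to-b"}},
          "policies": [{"src": "192.168.1.0/24", "dst": "192.168.2.0/24", "tunnel": "t1"},
                       {"src": "192.168.1.0/24", "dst": "192.168.3.0/24", "tunnel": "t2"}]}
SITE_B = {"id": "gw-b", "phase1": {"to-a": {"peer": "gw-a", "method": "psk"}},
          "phase2": {"t1": {"phase1": "to-a"}},
          "policies": [{"src": "192.168.2.0/24", "dst": "192.168.1.0/24", "tunnel": "t1"}]}

if __name__ == "__main__":
    print("\n".join(lint_pair(SITE_A, SITE_B)))
```

On the constructed sample the check reports the second tunnel on gw-a, whose addresses have no counterpart policy on gw-b.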
To add a phase 1 configuration:
1. Go to VPN > IPSEC > Phase 1.
2. Select New to add a new phase 1 configuration.
Note: Prior to configuring an AutoIKE VPN that uses digital certificates, you must add the CA 
and local certificates to the FortiGate unit. For details, see .