Phase I and Phase II interfaces in Fortinet.
I have a question to clarify. In theory, a Phase I interface has the settings below.
1. The authentication method (usually either a pre-shared key or an RSA signature).
2. The encryption method (DES, 3DES, AES, AES-192, or AES-256).
3. The hashing method (MD5 or SHA).
4. The Diffie-Hellman group (usually 1, 2 or 5).
5. Lifetime (in seconds before Phase 1 should be re-established, usually 86400 seconds [1 day]).
Ex: (Configuring Phase I in another vendor's product.)
crypto ikev1 policy 10 encryption 3des
Ex 2: (Configuring the Phase I interface in Fortinet)
config vpn ipsec phase1-interface
set interface "wan1"
set keylife 28800
set proposal aes256-sha1 3des-sha1
set comments "Data Center"
set dhgrp 2
set remote-gw 16.xx.121.6
set psksecret ENC bWFpbhIukdhfsdksffkghfkffkfXlgfJEZzOICb5hBALax9739mdjksmsjzFuawAQ9k3U1MXy8+lFDsE5gAE2eAS56nA==
My question is why we need to include the shared secret and gateway IP and exclude the hashing method value. Can anybody clarify?
Thanks in advance!
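Added example (not part of the original post and not Fortinet's code): a Python sketch that maps the `set` lines of a phase1-interface stanza like the one above onto the five Phase I settings listed in the question. It shows that each `proposal` entry is an encryption-hash pair, so the hash is carried there. The `remote-gw` and `psksecret` values are constructed placeholders, the function names are hypothetical, and the "weak" sets are this example's own policy.

```python
import shlex

# Constructed sample stanza; remote-gw and psksecret are placeholders.
SAMPLE = """\
config vpn ipsec phase1-interface
set interface "wan1"
set keylife 28800
set proposal aes256-sha1 3des-sha1
set dhgrp 2
set remote-gw 192.0.2.10
set psksecret ENC CONSTRUCTED-PLACEHOLDER
"""

def parse_phase1(text):
    """Return {keyword: [values]} for every 'set' line in the stanza."""
    settings = {}
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles quoted values such as "wan1"
        if len(tokens) >= 3 and tokens[0] == "set":
            settings[tokens[1]] = tokens[2:]
    return settings

def phase1_summary(settings):
    """Map FortiOS keywords onto the five Phase I settings from the question."""
    # Each proposal entry is "<encryption>-<hash>": the hash is set here.
    pairs = [p.rsplit("-", 1) for p in settings.get("proposal", [])]
    if "authmethod" in settings:
        auth = settings["authmethod"][0]
    else:  # a psksecret line means pre-shared key authentication
        auth = "psk" if "psksecret" in settings else "unknown"
    return {
        "authentication": auth,
        "encryption": [enc for enc, _ in pairs],
        "hashing": [digest for _, digest in pairs],
        "dh_groups": [int(g) for g in settings.get("dhgrp", [])],
        "lifetime_seconds": int(settings["keylife"][0]) if "keylife" in settings else None,
        "peer": settings.get("remote-gw", [None])[0],
    }

# Example policy (an assumption of this sketch, adjust to your own baseline).
WEAK_ENC, WEAK_HASH, WEAK_DH = {"des", "3des"}, {"md5", "sha1"}, {1, 2, 5}

def weak_choices(summary):
    """List negotiated options that the example policy treats as legacy."""
    found = [f"encryption:{e}" for e in summary["encryption"] if e in WEAK_ENC]
    found += [f"hash:{h}" for h in summary["hashing"] if h in WEAK_HASH]
    found += [f"dhgrp:{g}" for g in summary["dh_groups"] if g in WEAK_DH]
    return sorted(set(found))
```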