Hot!Phase I and Phase II interfaces in Fortinet.

Author
Ranga
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/05/19 00:43:26
  • Status: offline
2017/10/20 01:18:04 (permalink)
0

Phase I and Phase II interfaces in Fortinet.

Hello Guys,
 
I have a question to clarify. In theory we have Phase I interface with below settings .
 
1. The Authentication method (either a pre shared key or an RSA signature is usual).
2. The Encryption method (DES, 3DES, AES, AES-192, or AES-256).
3. The Hashing Method (MD5 or SHA).
4. The Diffie Helman Group (1, 2 or 5 usually).
5. Lifetime (In seconds before phase 1 should be re-established - usually 86400 seconds [1 day]).
 
Ex :(Configuring Phase I in another vendor product.)
crypto ikev1 policy 10 encryption 3des
authentication pre-share
hash md5
group 1
lifetime 28800
 
Ex 2 : (Configuring Phase I Interface in Fortinet)
config vpn ipsec phase1-interface
edit "CorporateHQ"
set interface "wan1"
set keylife 28800
set proposal aes256-sha1 3des-sha1
set comments "Data Center"
set dhgrp 2
set remote-gw 16.xx.121.6
set psksecret ENC bWFpbhIukdhfsdksffkghfkffkfXlgfJEZzOICb5hBALax9739mdjksmsjzFuawAQ9k3U1MXy8+lFDsE5gAE2eAS56nA==
next
end
 
My question is why we need to include Shared Secret ,Gateway IP and exclude Hashing method value. Anybody can clarify ?
 
Thanks in advance!  
#1

0 Replies Related Threads

    Jump to:
    © 2018 APG vNext Commercial Version 5.5