Phase I and Phase II interfaces in Fortinet.
Hello Guys,
I have a question to clarify. In theory we have a Phase I interface with the settings below.
1. The Authentication method (either a pre-shared key or an RSA signature is usual).
2. The Encryption method (DES, 3DES, AES, AES-192, or AES-256).
3. The Hashing Method (MD5 or SHA).
4. The Diffie-Hellman Group (1, 2 or 5 usually).
5. Lifetime (In seconds before phase 1 should be re-established - usually 86400 seconds [1 day]).
Ex: (Configuring Phase I in another vendor product.)
crypto ikev1 policy 10
 encryption 3des
 authentication pre-share
 hash md5
 group 1
 lifetime 28800
Ex 2: (Configuring Phase I Interface in Fortinet)
config vpn ipsec phase1-interface
    edit "CorporateHQ"
        set interface "wan1"
        set keylife 28800
        set proposal aes256-sha1 3des-sha1
        set comments "Data Center"
        set dhgrp 2
        set remote-gw 16.xx.121.6
        set psksecret ENC bWFpbhIukdhfsdksffkghfkffkfXlgfJEZzOICb5hBALax9739mdjksmsjzFuawAQ9k3U1MXy8+lFDsE5gAE2eAS56nA==
    next
end
My question is why we need to include the Shared Secret and Gateway IP and exclude the Hashing method value. Can anybody clarify?
Thanks in advance!
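
How the FortiOS block in Ex 2 maps onto the five Phase I settings listed in the post, as an added example (not part of the original post and not Fortinet code): each `set proposal` entry names an encryption-hash pair, so the hash is carried there. The sample config is constructed, the function names are hypothetical, and the weak-algorithm sets are this example's own policy.

```python
import re

# Constructed sample modelled on the post's block; the gateway address and
# secret are placeholders, not real values.
SAMPLE = """config vpn ipsec phase1-interface
    edit "CorporateHQ"
        set interface "wan1"
        set keylife 28800
        set proposal aes256-sha1 3des-sha1
        set dhgrp 2
        set remote-gw 192.0.2.10
        set psksecret ENC PLACEHOLDER
    next
end"""

# Assumption: this example's own policy for what counts as weak.
WEAK = {"encryption": {"des", "3des"}, "hash": {"md5"}, "dh_groups": {"1", "2", "5"}}


def parse_phase1(text):
    """Return {tunnel name: {setting: [values]}} from edit/set/next lines."""
    tunnels, current = {}, None
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)]
        if len(words) >= 2 and words[0] == "edit":
            current = tunnels.setdefault(words[1], {})
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
        elif words == ["next"]:
            current = None
    return tunnels


def phase1_params(settings):
    """Map one tunnel's settings onto the five Phase I parameters."""
    # Each proposal entry is "<encryption>-<hash>", e.g. aes256-sha1.
    pairs = [p.rpartition("-") for p in settings.get("proposal", [])]
    keylife = settings.get("keylife")
    return {
        # Assumption: a psksecret line means pre-shared key authentication.
        "authentication": "pre-shared key" if "psksecret" in settings else "not psk",
        "encryption": [enc for enc, _, _ in pairs],
        "hash": [h for _, _, h in pairs],
        "dh_groups": settings.get("dhgrp", []),
        "lifetime": int(keylife[0]) if keylife else None,
    }


def weak_findings(params):
    """List every negotiable value that falls in the WEAK policy sets."""
    return [f"{k} {v}" for k, bad in WEAK.items() for v in params[k] if v in bad]
```

Calling `weak_findings(phase1_params(parse_phase1(SAMPLE)["CorporateHQ"]))` reports the 3DES proposal and DH group 2 for the sample tunnel.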
