config vpn ipsec phase1-interface
edit "APPLE"
set type dynamic
set interface "wan1"
set ike-version 2
set peertype any
set mode-cfg enable
set proposal aes256-sha256
set localid "myfortinet" ---{ This has to be included in “remote ID” on the APPLE VPN setting for IKEV2 on iPhone or MAC
set negotiate-timeout 300
set comments "VPN: APPLE (Created by VPN wizard)"
set dhgrp 14 5 2
set eap enable ---{ Must be enabled
set eap-identity send-request ---{ Must be enabled
set authusrgrp "APPLEGRP" ---{ This is the VPN user group on iPhone or MAC
set nattraversal disable
set ipv4-start-ip 100.100.100.1
set ipv4-end-ip 100.100.100.254
set ipv4-netmask 255.255.255.0
set dns-mode auto
set psksecret ENC 2Eb1R/eekbaG1DdttzIEXXTh/z9h0f9SNuSri5z3ObCIf4KiBKcQhnbf4N3B8tNxGUU64Pq3DwLlMHVe4ZZQkcT4NnVMaquHKFme
c4d4o8HqcPdJpIjZHAzB6RqIVA1l88gV7lWLY7ihVIVecPEoc/jF3SahI652/Bc72i1dExKCrID5yv5Z5Dz/wGAv7WFDz1c7bQ==
set dpd-retrycount 5
set dpd-retryinterval 5
next
end
config vpn ipsec phase2-interface
edit "APPLE"
set phase1name "APPLE"
set proposal aes256-sha256
set keepalive enable
set comments "VPN: APPLE (Created by VPN wizard)"
next
end
config user local
edit "fortinet"
set type password
set passwd-time 2017-08-13 18:45:18
set passwd ENC ABjdUzvK5T7U4jSS1xdB63OPNMsC5w08Yzdx5dRYO+zq7YPsYbv1BFaO/kq/CH6N30i20KbCLLHrfWIn57ziOqUbEBuVGV7hp9SsNNq
Al61Y3y0XTn8YOYpE0EP5tkaScVTRuBTouP1NgtH900fQRF8myuIIZkkaKtcxiaS2DRbIe6cbRjg0cIPGE3fbzBYPEiPifw==
next
end
config user group
edit "APPLEGRP"
set member "fortinet"
end
Apple IOS native VPN Config (Snap-shots):IKEv2 modeIKEv2 selectedConfiguration interface Iphone
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.