Description
This article describes how to configure Apple IOS native VPN using IKEv2 connection for IPSEC-VPN to a FortiGate.
Solution
Here is the recommended settings on the FortiGate side:
This article describes how to configure Apple IOS native VPN using IKEv2 connection for IPSEC-VPN to a FortiGate.
Solution
Here is the recommended settings on the FortiGate side:
config vpn ipsec phase1-interface
edit "APPLE"
set type dynamic
set interface "wan1"
set ike-version 2
set peertype any
set mode-cfg enable
set proposal aes256-sha256
set localid "myfortinet" ---{ This has to be included in “remote ID” on the APPLE VPN setting for IKEV2 on iPhone or MAC
set negotiate-timeout 300
set comments "VPN: APPLE (Created by VPN wizard)"
set dhgrp 14 5 2
set eap enable ---{ Must be enabled
set eap-identity send-request ---{ Must be enabled
set authusrgrp "APPLEGRP" ---{ This is the VPN user group on iPhone or MAC
set nattraversal disable
set ipv4-start-ip 100.100.100.1
set ipv4-end-ip 100.100.100.254
set ipv4-netmask 255.255.255.0
set dns-mode auto
set psksecret ENC 2Eb1R/eekbaG1DdttzIEXXTh/z9h0f9SNuSri5z3ObCIf4KiBKcQhnbf4N3B8tNxGUU64Pq3DwLlMHVe4ZZQkcT4NnVMaquHKFme
c4d4o8HqcPdJpIjZHAzB6RqIVA1l88gV7lWLY7ihVIVecPEoc/jF3SahI652/Bc72i1dExKCrID5yv5Z5Dz/wGAv7WFDz1c7bQ==
set dpd-retrycount 5
set dpd-retryinterval 5
next
end
config vpn ipsec phase2-interface
edit "APPLE"
set phase1name "APPLE"
set proposal aes256-sha256
set keepalive enable
set comments "VPN: APPLE (Created by VPN wizard)"
next
end
config user local
edit "fortinet"
set type password
set passwd-time 2017-08-13 18:45:18
set passwd ENC ABjdUzvK5T7U4jSS1xdB63OPNMsC5w08Yzdx5dRYO+zq7YPsYbv1BFaO/kq/CH6N30i20KbCLLHrfWIn57ziOqUbEBuVGV7hp9SsNNq
Al61Y3y0XTn8YOYpE0EP5tkaScVTRuBTouP1NgtH900fQRF8myuIIZkkaKtcxiaS2DRbIe6cbRjg0cIPGE3fbzBYPEiPifw==
next
end
config user group
edit "APPLEGRP"
set member "fortinet"
end
Apple IOS native VPN Config (Snap-shots):IKEv2 modeIKEv2 selectedConfiguration interface Iphone
