Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
MJ_FTNT
Staff
Staff

Created on ‎08-28-2023 08:51 PM Edited on ‎09-08-2023 08:51 AM By Moderator

Article Id 270529

Technical Tip: Asymmetric pre-shared key with IKEv2

Description This article describes Asymmetric Pre-Shared Key (PSK) authentication within the context of Internet Key Exchange version 2 (IKEv2) Virtual Private Networks (VPNs) on FortiGate.
Scope FortiGate.
Solution

FGT-ASA.png

 

In contrast to some other third-party VPN devices like the Cisco ASA, which often require the mandatory specification of both a local and remote pre-shared key, the FortiGate VPN solution offers a more advanced and flexible approach.

While FortiGate does provide the option to configure conventional symmetric pre-shared keys for authentication, it also supports asymmetric pre-shared keys.

Below is a screenshot of the Cisco ASA VPN Wizard, which asks for local and remote PSK while configuring a VPN.

 
 

Cisco.png

 

On the FortiGate for IKEv2 VPN tunnels, it is possible to achieve asymmetric PSK by using the below commands (this is not available in the GUI):

 

config vpn ipsec phase1-interface
    edit <VPN_Name>
        set ike-version 2
        set authmethod psk
        set authmethod-remote psk
        set psksecret <local-password>
        set psksecret-remote <remote-password>
    next
end

 

Here, FortiGate's VPN local PSK will be the remote PSK for Cisco ASA and Cisco ASA's local PSK will be the remote PSK for FortiGate.
1693
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.