Description
This article describes how to configure IKE version 1 or 2 in IPsec VPN FortiGate.
Solution
Internet Key Exchange (IKE) is the protocol used to set up SAs in IPsec negotiation.
Choose IKEv2 over IKEv1 is possible if a route-based IPsec VPN is configured.
IKEv2 simplifies the negotiation process, in that it provides no choice of Aggressive or Main mode in Phase 1.
IKEv2 also uses less bandwidth.
CLI command to configure IKE version in phase1.
This article describes how to configure IKE version 1 or 2 in IPsec VPN FortiGate.
Solution
Internet Key Exchange (IKE) is the protocol used to set up SAs in IPsec negotiation.
Choose IKEv2 over IKEv1 is possible if a route-based IPsec VPN is configured.
IKEv2 simplifies the negotiation process, in that it provides no choice of Aggressive or Main mode in Phase 1.
IKEv2 also uses less bandwidth.
CLI command to configure IKE version in phase1.
# config vpn ipsec phase1-interfaceIKE version will be configured under 'Authentication' section of phase1 in the VPN tunnel.
edit "TUNNEL_NAME"
set type dynamic
set interface "port1"
set ike-version <Integer> --It could be 1 or 2
end
