# config vpn ipsec phase1-interface2) Configuration of phase2.
edit "frtest"
set type ddns <-----
set interface "wan1"
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set wizard-type static-fortigate
set remotegw-ddns "testbran.fortiddns.com" >>>>FQDN address
next
# conf vpn ipsec phase2-interfaceNote.
edit "frtest"
set phase1name "frtest"
set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
set src-addr-type name
set dst-addr-type name
set src-name "frtest_local"
set dst-name "frtest_remote"
next
end
FGT # diagnose vpn ike gateway list
vd: root/0
name: frtest
version: 1
interface: wan1 7
addr: 10.5.22.98:4500 -> 10.5.21.219:64916 <----- Resolved FQDN IP is listed.
created: 3199s ago
nat: peer
IKE SA: created 1/2 established 1/1 time 20/20/20 ms
IPsec SA: created 1/2 established 1/1 time 20/20/20 ms
id/spi: 23274 fdc5a41724a8e065/ed8c3e19adb75840
direction: responder
status: established 3194-3194s ago = 20ms
proposal: aes128-sha256
key: 3c359876a94b04d2-b70eade19fc29822
lifetime/rekey: 86400/82935
DPD sent/recv: 00000000/00000000
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.