Technical Tip: IPsec VPN with native Mac OS X client - IKEv1

it is possible to use the GUI wizard to create it:

1) Go to Template type -> Remote access ->Remote Device type -> Native.

iOS Native.

2) Configure the incoming interface, the Pre-shared key, the User Group and the peer ID flagging Require Group Name on VPN Client.

3) Configure Local Interface, Local Address, Client Address Range and Mask, DNS setting, enable Split Tunnel if required.

From CLI.

# config vpn ipsec phase1-interface
    edit "MAC-client"
        set type dynamic
        set interface "port1"
        set keylife 3600
        set mode aggressive
        set peertype one
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 192.168.55.4
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set comments "VPN: dialup_mac (Created by VPN wizard)"
        set dhgrp 14 5 2
        set wizard-type dialup-ios
        set xauthtype auto
        set authusrgrp "IPSec-group"
        set peerid "fortinetpeer"
        set ipv4-start-ip 172.16.19.1
        set ipv4-end-ip 172.16.19.10
        set ipv4-split-include "dialup_mac_split"
        set psksecret fortinet
    next
end

# config vpn ipsec phase2-interface
    edit "MAC-client"
        set phase1name "MAC-client"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: dialup_mac (Created by VPN wizard)"
    next
end

On the MAC.

 
Go to System Preferences -> Network and click on '+'.

Set interface to VPN, set VPN type to Cisco IPSec and then create

Configure Server Address, Account Name and Password.

Select Authentication Settings to configure Shared Secret and Group Name.

It is now, possible to connect.