Description
This article describes how an IPsec VPN is established in Phase 1 aggressive mode, with examples from Wireshark.
Useful links:
Fortinet Documentation.
Solution
IPsec VPN communication is built up through a two-step negotiation:
Phase 1: Authenticates and/or encrypts the peers.
Phase 2 (Quick mode): Negotiates the algorithm and agrees on which traffic will be sent across the VPN.
In this KB, the focus is on Phase 1 aggressive mode. Aggressive mode is usually used for remote access VPN or when one or both peers have dynamic external IP addresses.
IKEv1 aggressive mode only requires three messages to establish the security association.
Network Topology:
FortiClient (Remote VPN) ----------- L3 Network --------- LAB FortiGate
[192.168.242.57]                                          [Port1(WAN): 10.47.2.72]
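The following is an added example, not part of the original article or Fortinet code: a small parser for the ISAKMP header and payload chain carried in UDP/500, showing how the three aggressive mode messages can be told apart in a capture. The three sample messages are constructed with filler payload bodies and follow the RFC 2409 pre-shared-key aggressive mode layout; the helper names (parse_isakmp, build) are hypothetical.

```python
import struct

# Numeric values from RFC 2408 (ISAKMP) and RFC 2409 (IKEv1).
EXCHANGES = {2: "Main (Identity Protection)", 4: "Aggressive", 5: "Informational", 32: "Quick"}
PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 13: "VID"}
FLAG_ENCRYPTED = 0x01

def parse_isakmp(data):
    """Parse the 28-byte ISAKMP header and walk the cleartext payload chain."""
    if len(data) < 28:
        raise ValueError("shorter than an ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, _msg_id, length = struct.unpack("!8s8sBBBBII", data[:28])
    if length < 28 or length > len(data):
        raise ValueError("bad ISAKMP length field")
    msg = {"initiator_cookie": icookie.hex(), "responder_cookie": rcookie.hex(),
           "version": f"{ver >> 4}.{ver & 0x0F}", "exchange": EXCHANGES.get(xchg, f"type {xchg}"),
           "encrypted": bool(flags & FLAG_ENCRYPTED), "payloads": []}
    offset = 28
    # The payload chain is only readable while the encryption flag is clear.
    while nxt != 0 and not msg["encrypted"]:
        if offset + 4 > length:
            raise ValueError("truncated payload header")
        following, _reserved, plen = struct.unpack("!BBH", data[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length")
        msg["payloads"].append(PAYLOADS.get(nxt, f"type {nxt}"))
        nxt, offset = following, offset + plen
    return msg

def build(icookie, rcookie, xchg, flags, payloads):
    """Build a constructed sample message; payload bodies are filler bytes."""
    body = b""
    for i, (_ptype, content) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", nxt, 0, 4 + len(content)) + content
    first = payloads[0][0] if payloads else 0
    header = struct.pack("!8s8sBBBBII", icookie, rcookie, first, 0x10, xchg, flags, 0, 28 + len(body))
    return header + body

# Constructed samples: SA, KE, Nonce, ID / + HASH_R / HASH_I (exchange type 4).
INIT, RESP, ZERO = bytes(range(1, 9)), bytes(range(9, 17)), bytes(8)
BASE = [(1, bytes(8)), (4, bytes(16)), (10, bytes(16)), (5, bytes(8))]
MSG1 = build(INIT, ZERO, 4, 0, BASE)                      # initiator -> responder
MSG2 = build(INIT, RESP, 4, 0, BASE + [(8, bytes(20))])   # responder -> initiator
MSG3 = build(INIT, RESP, 4, 0, [(8, bytes(20))])          # initiator -> responder

if __name__ == "__main__":
    for number, raw in enumerate((MSG1, MSG2, MSG3), start=1):
        print(number, parse_isakmp(raw))
```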
Copyright 2024 Fortinet, Inc. All Rights Reserved.