jomof
Contributor

Not seeing the option to configure AES and SHA-256 on FortiGate hub using ADVPN

Hello all,

 

I humbly request your assistance.

 

I configured the ADVPN on the hub and I would like to configure AES and SHA-256, but I am not allowed to configure the same.

 

The screenshot below shows the only options I see; not even the option to convert to full configuration is displayed.

Screenshot 2024-12-23 082946.png

 

Thank you

 

Regards

 

kaman
Staff

Hi jomof,

You can see the Encryption and Authentication settings under Phase1 Proposal.

Also, when users create an IPsec VPN using the VPN Creation Wizard, it is impossible to view the phase 1/phase 2 proposals and IKE version in the GUI. Select 'Convert To Custom Tunnel' to view and modify the settings in the GUI.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Change-in-default-settings-when-creating-I...

If you have found a solution, please like and accept it to make it easily accessible to others.

Regards,
Aman




jomof

Hello Kaman,

Thank you for the prompt reply.

I am not seeing the Convert To Custom Tunnel option.

 

Screenshot 2024-12-23 095117.png

Renante_Era

It appears that it's already converted to custom. You should be able to edit the Phase1 and Phase2 entries by selecting the pen-like icon.

If you want to edit that in the CLI, you'll be able to see the settings using the following commands:

show full vpn ipsec phase1-interface

show full vpn ipsec phase2-interface

BSCS, BCIS, MIT
kaman
Staff

Please refer to the document below on IPsec VPN wizard hub-and-spoke ADVPN support.


https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/853412/ipsec-vpn-wizard-hub-...

jomof

Hello Kaman,

 

I redid the hub using the information from the document, but I am still not getting the option Convert to Custom Tunnel.

 

Regards

hbac

Hello @jomof,

 

Have you tried making those changes in the CLI? 

 

Regards, 

jomof

Hello hbac,

 

No, but strangely I am getting the convert option on the spoke using the key generated from the Hub.

Regards

kaman
Staff

Hi jomof,

For the Hub-and-Spoke template there is no option to edit through the GUI.

You can edit from the CLI as below:

config vpn ipsec phase1-interface
edit star_lethem
set proposal aes128-sha256
end

You can also use the "?" keyword after the set proposal command to check all the Phase1 proposals.

If you have found a solution, please like and accept it to make it easily accessible to others.

Regards,
Aman
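
An added example, not part of the thread and not Fortinet code: once the proposal has been changed in the CLI, the output of the show command quoted earlier in the thread can be checked offline for tunnels that still offer a weak cipher or hash. The sample output is constructed, the tunnel names legacy_branch and no_proposal_shown and the interface names are assumptions, and the list of tokens treated as weak is an assumed policy.

```python
import re

# Constructed sample of `show full vpn ipsec phase1-interface` output (not from the thread).
SAMPLE = '''\
config vpn ipsec phase1-interface
    edit "star_lethem"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set proposal aes128-sha256 aes256-sha256
    next
    edit "legacy_branch"
        set interface "wan1"
        set proposal 3des-sha1 aes128-sha256
    next
    edit "no_proposal_shown"
        set interface "wan2"
    next
end
'''

# Assumed policy: any proposal containing one of these parts is reported.
WEAK_TOKENS = ("des", "3des", "md5", "sha1", "prfsha1", "null")

def parse_phase1(text):
    """Return {tunnel_name: [proposal, ...]} from phase1-interface output."""
    tunnels, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
            tunnels[current] = []      # stays empty if no proposal line follows
        elif line == "next":
            current = None
        elif current and line.startswith("set proposal "):
            tunnels[current] = line.split()[2:]
    return tunnels

def weak_proposals(tunnels):
    """Return {tunnel: [proposals with a weak cipher or hash part]}."""
    report = {}
    for name, proposals in tunnels.items():
        bad = [p for p in proposals if any(t in WEAK_TOKENS for t in p.split("-"))]
        if bad:
            report[name] = bad
    return report

if __name__ == "__main__":
    for name, bad in weak_proposals(parse_phase1(SAMPLE)).items():
        print(f"{name}: still offers {' '.join(bad)}")
```

A tunnel that comes back with an empty proposal list had no `set proposal` line in the captured output and should be checked on the device itself.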
