Hello Guys,
I have a question to clarify. In theory we have Phase I interface with below settings .
1. The Authentication method (either a pre shared key or an RSA signature is usual). 2. The Encryption method (DES, 3DES, AES, AES-192, or AES-256). 3. The Hashing Method (MD5 or SHA). 4. The Diffie Helman Group (1, 2 or 5 usually). 5. Lifetime (In seconds before phase 1 should be re-established - usually 86400 seconds [1 day]).
Ex :(Configuring Phase I in another vendor product.)
crypto ikev1 policy 10 encryption 3des
authentication pre-share
hash md5
group 1
lifetime 28800
Ex 2 : (Configuring Phase I Interface in Fortinet)
config vpn ipsec phase1-interface edit "CorporateHQ" set interface "wan1" set keylife 28800 set proposal aes256-sha1 3des-sha1 set comments "Data Center" set dhgrp 2 set remote-gw 16.xx.121.6 set psksecret ENC bWFpbhIukdhfsdksffkghfkffkfXlgfJEZzOICb5hBALax9739mdjksmsjzFuawAQ9k3U1MXy8+lFDsE5gAE2eAS56nA== next end
My question is why we need to include Shared Secret ,Gateway IP and exclude Hashing method value. Anybody can clarify ?
Thanks in advance!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.