Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ranga
New Contributor

Phase I and Phase II interfaces in Fortinet.

Hello Guys,

 

I have a question to clarify. In theory we have Phase I interface with below settings .

 

1. The Authentication method (either a pre shared key or an RSA signature is usual). 2. The Encryption method (DES, 3DES, AES, AES-192, or AES-256). 3. The Hashing Method (MD5 or SHA). 4. The Diffie Helman Group (1, 2 or 5 usually). 5. Lifetime (In seconds before phase 1 should be re-established - usually 86400 seconds [1 day]).

 

Ex :(Configuring Phase I in another vendor product.)

crypto ikev1 policy 10 encryption 3des

authentication pre-share

hash md5

group 1

lifetime 28800

 

Ex 2 : (Configuring Phase I Interface in Fortinet)

config vpn ipsec phase1-interface edit "CorporateHQ" set interface "wan1" set keylife 28800 set proposal aes256-sha1 3des-sha1 set comments "Data Center" set dhgrp 2 set remote-gw 16.xx.121.6 set psksecret ENC bWFpbhIukdhfsdksffkghfkffkfXlgfJEZzOICb5hBALax9739mdjksmsjzFuawAQ9k3U1MXy8+lFDsE5gAE2eAS56nA== next end

 

My question is why we need to include Shared Secret ,Gateway IP and exclude Hashing method value. Anybody can clarify ?

 

Thanks in advance!  

0 REPLIES 0
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors