Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nknit
New Contributor

Set two different psk ikev2

Hello Community,

 

I've to set two different PSK at a site-to-site vpn ikev2 tunnel. The gui or cli will only set one key for psk. I've to set up a tunnel to a lancom firewall, there is a psk configured for local and one for remote.

How to set two different psk to one ikev2 tunnel configuration?

 

Thanks

 

Markus

Markus

--

Fortigate 101E

Fortigate 30E

Markus -- Fortigate 101E Fortigate 30E
1 Solution
emnoc
Esteemed Contributor III

Not possible nor required. Just use the single psk for ikev2.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
4 REPLIES 4
emnoc
Esteemed Contributor III

Not possible nor required. Just use the single psk for ikev2.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Radu_sec
New Contributor II

Hi Ken,

 

Do you know if Fortigate supports different auth methods for initiator and responder for IKEv2? 

My guess is not.

 

Radu

emnoc
Esteemed Contributor III

With ike v2 you can, here's an example of what we have 

 

config vpn ipsec phase1-interface edit "FRBERCYSUR"

 

set interface "wan1"

 

set ike-version 2

set authmethod-remote psk

set proposal aes128-sha256 aes256-sha256 

 

set psksecret ENC nLAhFxw2/8DFakOzmWpDMb/yywgeMJ7sMwuQyl7eMOgLRxLiZjZaHWxEXn3ei13SJXZNYehCZsjnarMSFOO7MBnu/XK7NKFQBxG9n6S0ij4KwLTPIlCwruu/MA9S9obIBrK5EyEiqJY0VWhWqERUndlK1K7kGWgy+fqYKVrlqgkOR28FhCwzGVHuoxvZ81d5tRZ9yg==

 

set psksecret-remote ENC Rh2IPSo+TUdO/G56sE9Q9BUSGwSHHuu3NrBhQl4J2Z9jUAb0MTlyhDuvFHHn+sSOnp7de67KADX8eKff69VAfgaBnGOUDhmbJCp38e0KOuJ1LHKcA+6hoMlpDUK54zxdswkppkD+3vWBeSFAG2o/4XYHRRMU6i1DrhHSaUBfZ+XVS/OrGXo0eHp116SiEGWUyOxk4A== next end

 

Ken Felix

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Radu_sec
New Contributor II

Hi Ken,

 

You are correct, I was checking this on a box running FortiOS 5.4 and I don't see those commands.

I checked for one running 6.2 and it is indeed working.

 

Thanks for prompt response

 

Radu 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors