
IPSec VPN | AutoIKE IPSec VPNs |
|
|
10Optionally, enter the Local ID of the FortiGate unit.
The entry is required if the FortiGate unit is functioning as a client and uses its local ID to authenticate itself to the remote VPN peer. (If you do not add a local ID, the FortiGate unit will transmit its IP address.)
Configure the local ID only with
Configuring advanced options
1Select Advanced Options.
2Optionally, select a Peer Option.
Use the Peer Options to authenticate remote VPN peers by the ID that they transmit during phase 1.
Accept any peer ID | Select to accept any peer ID (and therefore not authenticate |
| remote VPN peers by peer ID). |
Accept this peer ID | Select to authenticate a specific VPN peer or a group of VPN |
| peers with a shared user name (ID) and password |
| key). Also add the peer ID. Also add the peer ID. |
Accept peer ID in dialup group
Select to authenticate each remote VPN peer with a unique user name (ID) and password
Configure the user group prior to configuring this peer option.
3Optionally, configure XAuth.
XAuth (IKE eXtended Authentication) authenticates VPN peers at the user level. If the the FortiGate unit (the local VPN peer) is configured as an XAuth server, it will authenticate remote VPN peers by referring to a user group. The users contained in the user group can be configured locally on the FortiGate unit or on remotely located LDAP or RADIUS servers. If the FortiGate unit is configured as an XAuth client, it will provide a user name and password when it is challenged.
| XAuth: Enable as a Client |
Name | Enter the user name the local VPN peer uses to authenticate itself to the |
| remote VPN peer. |
Password | Enter the password the local VPN peer uses to authenticate itself to the |
| remote VPN peer. |
| XAuth: Enable as a Server |
Encryption | Select the encryption method used between the XAuth client, the FortiGate |
method | unit and the authentication server. |
| PAP— Password Authentication Protocol. |
| |
| |
| FortiGate unit, and CHAP between the FortiGate unit and the authentication |
| server. |
| Use CHAP whenever possible. Use PAP if the authentication server does not |
| support CHAP. (Use PAP with all implementations of LDAP and some |
| implementations of Microsoft RADIUS). Use MIXED if the authentication server |
| supports CHAP but the XAuth client does not. (Use MIXED with the Fortinet |
| Remote VPN Client.). |
Usergroup | Select a group of users to be authenticated by XAuth. The individual users |
| within the group can be authenticated locally or by one or more LDAP or |
| RADIUS servers. |
| The user group must be added to the FortiGate configuration before it can be |
| selected here. |
215 |