Created on 10-26-2009 11:22 AM Edited on 05-26-2022 12:00 PM By Anonymous
Description
The IKE configuration method (mode-cfg) is a new feature in FortiOS 4.0 MR1 Patch1 that allows configuration items to be exchanged securely between two IKE peers. This article describes the feature and the scenarios in which it can be used.
Scope
All FortiGate users using FortiOS 4.1.1 (4.0 MR1 Patch1)
Solution
mode-cfg can be configured in the following two networking scenarios when making an IKE IPSec connection between FortiGates, or between a FortiGate and a third-party IKE peer that uses mode-cfg:
mode-cfg server = dynamic (dialup) user for IPSec phase-1 connection
mode-cfg client = static user using DDNS for IPSec phase-1 connection
VIP address assigned by the FortiGate. Default route pushed by the FortiGate, or remote networks pushed by the FortiGate.
1) Main/Aggressive mode negotiation is initiated by the Client
2) Quick Mode negotiation (DHCP traffic) is initiated by the Client
3) DHCP lease is obtained by the Client (ESP traffic exchange)
4) IPSec SA deletion is initiated by the Client
5) Quick Mode negotiation (data traffic) is initiated by the Client
1) Main/Aggressive mode negotiation is initiated by the Client
2) mode-cfg transaction is initiated by the Client (Request/Reply)
3) Quick Mode negotiation (data traffic) is initiated by the Client
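The Request/Reply in step 2 of the mode-cfg sequence can be inspected as follows. This is an added example, not Fortinet code: it decodes the decrypted body of an ISAKMP Attribute payload (the part after the generic payload header) using the layout and attribute numbers from the IETF draft draft-dukes-ike-mode-cfg, and checks that the reply answers the request. The sample bytes are constructed, and the assumption that pushed remote networks arrive as INTERNAL_IP4_SUBNET is not confirmed by the article.

```python
import ipaddress
import struct

# Type and attribute numbers follow draft-dukes-ike-mode-cfg (IKEv1 mode-cfg).
CFG_TYPES = {1: "REQUEST", 2: "REPLY", 3: "SET", 4: "ACK"}
ATTRS = {1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK",
         3: "INTERNAL_IP4_DNS", 13: "INTERNAL_IP4_SUBNET"}

def decode(a_type, value):
    """Empty value = item requested; 4 bytes = address; 8 bytes = subnet + mask."""
    if len(value) == 4 and a_type in (1, 2, 3):
        return str(ipaddress.IPv4Address(value))
    if len(value) == 8 and a_type == 13:
        net, mask = ipaddress.IPv4Address(value[:4]), ipaddress.IPv4Address(value[4:])
        return str(ipaddress.ip_network(f"{net}/{mask}"))
    return value.hex()

def parse(body):
    """Decode a payload body; raise ValueError on truncated or oversized fields."""
    if len(body) < 4:
        raise ValueError("truncated payload header")
    cfg_type, _, ident = struct.unpack("!BBH", body[:4])
    attrs, off = {}, 4
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated attribute header")
        a_type, a_len = struct.unpack("!HH", body[off:off + 4])
        off += 4
        # AF bit set means a 2-byte inline value; not used for the items above.
        if a_type & 0x8000 or off + a_len > len(body):
            raise ValueError("unsupported or oversized attribute")
        attrs.setdefault(ATTRS.get(a_type, f"ATTR_{a_type}"), []).append(
            decode(a_type, body[off:off + a_len]))
        off += a_len
    return CFG_TYPES.get(cfg_type, "UNKNOWN"), ident, attrs

def check_exchange(request, reply):
    """Return the reply's attributes if it answers this request, else raise."""
    r_type, r_id, _ = parse(request)
    p_type, p_id, attrs = parse(reply)
    if (r_type, p_type) != ("REQUEST", "REPLY") or r_id != p_id:
        raise ValueError("reply does not match request")
    return attrs

# Constructed sample exchange: identifier 0x1a2b, addresses made up for illustration.
REQUEST = bytes.fromhex("01001a2b" "00010000" "00020000" "00030000" "000d0000")
REPLY = bytes.fromhex("02001a2b" "000100040a0a0a05" "00020004ffffff00"
                      "000300040a0a0a01" "000d0008c0a80100ffffff00")

if __name__ == "__main__":
    print(check_exchange(REQUEST, REPLY))
```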