FortiGate
Jonathan_Body_FTNT
Article Id 190007
Description
This article gives a CLI example of the phase 1 settings required for an iPhone connection to a FortiGate.
Scope
FortiOS 4.1 and above.
Solution
The following is an example of the required phase1 settings for an iPhone to FortiGate connection:
config vpn ipsec phase1-interface
    edit "VPN iPhones"
        set mode-cfg enable
        set ipv4-start-ip S.S.S.S
        set ipv4-end-ip E.E.E.E
        set ipv4-netmask M.M.M.M
        set ipv4-split-include XXXXXXX
end


"set mode-cfg enable" is required. The iPhone uses IKE mode-cfg with the Cisco IPSec VPN client to make this connection, and the IPSec phase1 negotiation will fail if mode-cfg is not enabled.
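
One way to check a saved FortiGate configuration for the settings above, as an added example (not Fortinet's code and not part of the original article): the Python below parses the "config vpn ipsec phase1-interface" table and reports named iPhone tunnels where mode-cfg is off or the listed settings are missing. The function names, tunnel names, addresses and the "vpn-nets" object are assumptions made up for the sample.

```python
import shlex

KEYS = ("ipv4-start-ip", "ipv4-end-ip", "ipv4-netmask", "ipv4-split-include")

def parse_phase1(text):
    """Map each phase1-interface entry to its settings; nested sub-tables are skipped."""
    entries, current, depth = {}, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            if depth or tok[1:] == ["vpn", "ipsec", "phase1-interface"]:
                depth += 1
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
    return entries

def audit(entries, tunnels):
    """Return {tunnel: finding} for the named iPhone dial-up tunnels."""
    report = {}
    for name in tunnels:
        cfg = entries.get(name, {})
        missing = [k for k in KEYS if k not in cfg]
        if cfg.get("mode-cfg") != "enable":
            report[name] = "mode-cfg not enabled: phase1 negotiation will fail"
        elif missing:
            report[name] = "mode-cfg settings missing: " + ", ".join(missing)
    return report

# Constructed sample backup excerpt; names and addresses are made up.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "iphone-ok"
        set mode-cfg enable
        set ipv4-start-ip 10.10.10.1
        set ipv4-end-ip 10.10.10.50
        set ipv4-netmask 255.255.255.0
        set ipv4-split-include "vpn-nets"
    next
    edit "iphone-bad"
        set ipv4-start-ip 10.10.20.1
    next
    edit "iphone-partial"
        set mode-cfg enable
    next
end
"""
```

Calling audit(parse_phase1(SAMPLE), ["iphone-ok", "iphone-bad", "iphone-partial"]) returns findings for the second and third tunnels only. Tunnels are passed by name because other phase1-interface entries, such as site-to-site tunnels, do not use mode-cfg.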
