Fortinet 100 Network Card User Manual


 
IPSec VPN Adding a phase 1 configuration for an AutoIKE VPN
FortiGate-100 Installation and Configuration Guide 187
10 Optionally, enter the Local ID of the FortiGate unit.
The entry is required if the FortiGate unit is functioning as a client and uses its local ID
to authenticate itself to the remote VPN peer. (If you do not add a local ID, the
FortiGate unit will transmit its IP address.)
Configure the local ID only with pre-shared keys and aggressive mode. Do not
configure the local ID with certificates or main mode.
Configuring advanced options
1 Select Advanced Options.
2 Optionally, select a Peer Option.
Use the Peer Options to authenticate remote VPN peers by the ID that they transmit
during phase 1.
3 Optionally, configure XAuth.
XAuth (IKE eXtended Authentication) authenticates VPN peers at the user level. If the
the FortiGate unit (the local VPN peer) is configured as an XAuth server, it will
authenticate remote VPN peers by referring to a user group. The users contained in
the user group can be configured locally on the FortiGate unit or on remotely located
LDAP or RADIUS servers. If the FortiGate unit is configured as an XAuth client, it will
provide a user name and password when it is challenged.
Accept any peer ID Select to accept any peer ID (and therefore not authenticate
remote VPN peers by peer ID).
Accept this peer ID Select to authenticate a specific VPN peer or a group of VPN
peers with a shared user name (ID) and password (pre-shared
key). Also add the peer ID. Also add the peer ID.
Accept peer ID in dialup
group
Select to authenticate each remote VPN peer with a unique user
name (ID) and password (pre-shared key). Also select a dialup
group (user group).
Configure the user group prior to configuring this peer option.
XAuth: Enable as a Client
Name Enter the user name the local VPN peer uses to authenticate itself to the
remote VPN peer.
Password Enter the password the local VPN peer uses to authenticate itself to the
remote VPN peer.
XAuth: Enable as a Server
Encryption
method
Select the encryption method used between the XAuth client, the FortiGate
unit and the authentication server.
PAP— Password Authentication Protocol.
CHAP—Challenge-Handshake Authentication Protocol.
MIXED—Select MIXED to use PAP between the XAuth client and the
FortiGate unit, and CHAP between the FortiGate unit and the authentication
server.
Use CHAP whenever possible. Use PAP if the authentication server does not
support CHAP. (Use PAP with all implementations of LDAP and some
implementations of Microsoft RADIUS). Use MIXED if the authentication server
supports CHAP but the XAuth client does not. (Use MIXED with the Fortinet
Remote VPN Client.).
Usergroup Select a group of users to be authenticated by XAuth. The individual users
within the group can be authenticated locally or by one or more LDAP or
RADIUS servers.
The user group must be added to the FortiGate configuration before it can be
selected here.