![]() Select On Idle to reestablish VPN tunnels on idle connections and clean up dead IKE peers if required. If you selected Enable or Forced for the NAT traversal, enter a keep-alive frequency. This approach maintains interoperability with any IPsec implementation that supports the NAT-T RFC. This causes the peer to think it is behind a NAT device, and it will use UDP encapsulation for IPsec, even if no NAT is present. If this option is set to Forced, the FortiGate uses a port value of zero when constructing the NAT discovery hash for the peer. The local FortiGate unit and the VPN peer or client must have the same NAT traversal setting (both selected or both cleared) to connect reliably.Īdditionally, you can force IPsec to use NAT traversal. Select Enable if a NAT device exists between the local FortiGate unit that is managed by a FortiProxy unit. Through which remote peers connect to the FortiGate unit that is managed by the FortiProxy unit.Įnable this option to configure a local gateway and then select Primary IP, Secondary IP, or Specify. This option is set to Static IP Address for a remote peer that has a static IP address. Select this option if you want to create an IPsec VPN tunnel. If you select Custom for the template type in the IPsec Wizard and then select Next, the New VPN Tunnel window opens.Ĭonfigure the following settings and then select OK: NameĪn optional description of the VPN tunnel. ![]() Create a custom VPN tunnel Create a custom VPN tunnel
0 Comments
Leave a Reply. |