IKE Mode Config clients

IKE Mode Config is an alternative to DHCP over IPsec. It allows dialup VPN clients to obtain virtual IP address, network, and DNS configurations amongst others from the VPN server. A FortiGate can be configured as either an IKE Mode Config server or client.

IKE Mode Config can configure the host IP address, domain, DNS addresses ,and WINS addresses. IPsec parameters such as gateway address, encryption, and authentication algorithms must be configured. Several network equipment vendors support IKE Mode Config.

An IKE Mode Config server or client is configured using config vpn ipsec phase1-interface and involves the following parameters:

Parameter

Description

ike-version {1 | 2}

IKE v1 is the default for FortiGate IPsec VPNs. IKE Mode Config is also compatible with IKE v2.

mode-cfg {enable | disable}

Enable/disable IKE Mode Config.