» fortios_vpn_ipsec_phase1interface
Provides a resource to use phase1-interface to define a phase 1 definition for a route-based (interface mode) IPsec VPN tunnel that generates authentication and encryption keys automatically.
» Example Usage
fortios_vpn_ipsec_phase1interface needs to be set with fortios_vpn_ipsec_phase2interface. See section fortios_vpn_ipsec_phase2interface.
» Argument Reference
The following arguments are supported:
-
name
- (Required) IPsec remote gateway name. -
type
- (Required) Remote gateway type. -
interface
- (Required) Local physical, aggregate, or VLAN outgoing interface. -
peertype
- Accept this peer type. -
proposal
- Phase1 proposal. -
comments
- Comment. -
wizard_type
- GUI VPN Wizard Type. -
remote_gw
- (Required) IPv4 address of the remote gateway's external interface. -
psksecret
- (Required) Pre-shared secret for PSK authentication. -
certificate
- Names of signed personal certificates. -
peerid
- Accept this peer identity. -
peer
- Accept this peer certificate. -
peergrp
- Accept this peer certificate group. -
ipv4_split_include
- IPv4 split-include subnets. -
split_include_service
- Split-include services. -
ipv4_split_exclude
- IPv4 subnets that should not be sent over the IPsec tunnel. -
authmethod
- Authentication method. -
authmethod_remote
- Authentication method (remote side). -
mode_cfg
- Enable/disable configuration method.
» Attributes Reference
The following attributes are exported:
-
id
- The ID of the phase1-interface item. -
name
- IPsec remote gateway name. -
type
- Remote gateway type. -
interface
- Local physical, aggregate, or VLAN outgoing interface. -
peertype
- Accept this peer type. -
proposal
- Phase1 proposal. -
comments
- Comment. -
wizard_type
- GUI VPN Wizard Type. -
remote_gw
- IPv4 address of the remote gateway's external interface. -
psksecret
- Pre-shared secret for PSK authentication. -
certificate
- Names of signed personal certificates. -
peerid
- Accept this peer identity. -
peer
- Accept this peer certificate. -
peergrp
- Accept this peer certificate group. -
ipv4_split_include
- IPv4 split-include subnets. -
split_include_service
- Split-include services. -
ipv4_split_exclude
- IPv4 subnets that should not be sent over the IPsec tunnel. -
authmethod
- Authentication method. -
authmethod_remote
- Authentication method (remote side). -
mode_cfg
- Enable/disable configuration method.