config vpn ipsec phase1-interface
    edit "IPsecVPN"
        set type dynamic
        set interface "wan1"
        set ip-version 4
        set ike-version 2
        set local-gw 0.0.0.0
        set keylife 86400
        set authmethod signature
        unset authmethod-remote
        set peertype peer
        set monitor-min 0
        set net-device disable
        set exchange-interface-ip disable
        set aggregate-member disable
        set packet-redistribution disable
        set peer-egress-shaping disable
        set mode-cfg enable
        set ipv4-wins-server1 0.0.0.0
        set ipv4-wins-server2 0.0.0.0
        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
        set add-route enable
        set localid ''
        set localid-type auto
        set negotiate-timeout 30
        set fragmentation enable
        set ip-fragmentation post-encapsulation
        set dpd on-demand
        set comments "VPN: IPsecVPN -- Created by VPN wizard"
        set npu-offload enable
        set send-cert-chain enable
        set dhgrp 20 21
        set suite-b disable
        set eap enable
        set eap-identity send-request
        set eap-exclude-peergrp ''
        set eap-cert-auth disable
        set acct-verify disable
        set ppk disable
        set wizard-type dialup-forticlient
        set reauth disable
        set authusrgrp "SingleID"
        set idle-timeout disable
        set ha-sync-esp-seqno enable
        set fgsp-sync disable
        set inbound-dscp-copy disable
        set auto-discovery-sender disable
        set auto-discovery-receiver disable
        set auto-discovery-forwarder disable
        set encapsulation none
        set nattraversal enable
        set fragmentation-mtu 1200
        set childless-ike disable
        set azure-ad-autoconnect disable
        set client-resume disable
        set rekey enable
        set digital-signature-auth disable
        set rsa-signature-hash-override disable
        set enforce-unique-id disable
        set cert-id-validation enable
        set fec-egress disable
        set fec-ingress disable
        set network-overlay disable
        set dev-id-notification disable
        set link-cost 0
        set kms ''
        set exchange-fgt-device-id disable
        set ems-sn-check disable
        set cert-trust-store local
        set qkd disable
        set transport auto
        set fortinet-esp disable
        set remote-gw-match any
        set certificate "192.168.2.192"
        set default-gw 0.0.0.0
        set default-gw-priority 0
        set peer "IPsecVPN_peer"
        set assign-ip enable
        set assign-ip-from range
        set ipv4-start-ip 192.168.100.200
        set ipv4-end-ip 192.168.100.210
        set ipv4-netmask 255.255.255.255
        set dns-mode auto
        set ipv4-split-include "IPsecVPN_split"
        set split-include-service ''
        set ipv6-start-ip ::
        set ipv6-end-ip ::
        set ipv6-prefix 128
        set ipv6-split-include ''
        set ip-delay-interval 0
        set ipv4-split-exclude ''
        set ipv6-split-exclude ''
        set save-password enable
        set client-auto-negotiate disable
        set client-keep-alive disable
        set keepalive 10
        set distance 15
        set priority 1
        set dpd-retrycount 3
        set dpd-retryinterval 20
    next
end