Este artigo foi homologado no equipamento FortiGate-60F, na versão v7.4.1; o uso em uma versão diferente pode não produzir o mesmo resultado.
# Verification commands to run after the configuration below is applied.
# Tunnel state for the IPsec VPNs (phase1/phase2 up/down)
get vpn ipsec tunnel summary
# OSPF (IPv4) neighbor table; the adjacency over MIH-VPN1 should appear here
get router info ospf neighbor
# OSPFv3 neighbor table; nothing in this article configures OSPFv3, so confirm whether this check is needed
get router info6 ospf neighbor
# IKE phase 1 for the route-based (interface-mode) tunnel MIH-VPN1.
config vpn ipsec phase1-interface
edit MIH-VPN1
# Outbound (WAN-side) interface the tunnel is bound to
set interface port1
# No peer-ID restriction; the peer is pinned only by remote-gw below and authenticated by the PSK
set peertype any
set net-device disable
# Only encryption/integrity algorithms are pinned here; IKE version and DH group keep the device defaults -- confirm they match the peer
set proposal aes128-sha256 aes256-sha256
set remote-gw 100.64.22.2
# Pre-shared key as shown in the article; in production use a long, random secret unique to this tunnel
set psksecret SenhaSegura#@2025
end
#
# IKE phase 2 (traffic selectors); both entries hang off phase1 MIH-VPN1.
config vpn ipsec phase2-interface
edit MIH-VPN1-SRC
set phase1name MIH-VPN1
set proposal aes128-sha256 aes256-sha256
# Negotiate the SA as soon as phase 1 is up instead of waiting for matching traffic
set auto-negotiate enable
# Local selector only; dst-subnet is not set in this entry, so it keeps the device default
set src-subnet 10.66.101.0 255.255.255.0
next
edit MIH-VPN1-DST
set phase1name MIH-VPN1
set proposal aes128-sha256 aes256-sha256
set auto-negotiate enable
# Remote selector only; src-subnet is not set in this entry, so it keeps the device default
# NOTE(review): the same /24 appears as local in one entry and remote in the other -- confirm this split is intended rather than one entry carrying both selectors
set dst-subnet 10.66.101.0 255.255.255.0
end
#
# Addressing of the tunnel interface created by phase1 MIH-VPN1: 10.66.101.1 local, 10.66.101.2 peer.
config system interface
edit MIH-VPN1
set ip 10.66.101.1/32
set remote-ip 10.66.101.2/24
# Only ICMP echo is answered on the tunnel address itself; no management services here
set allowaccess ping
end
#
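# Firewall policy for traffic entering the tunnel.
# NOTE(review): the name says LAN -> VPN, but srcintf and dstintf are both MIH-VPN1; confirm whether srcintf should be the LAN-side interface.
config firewall policy
edit 2
set name "accept LAN para VPN"
set srcintf MIH-VPN1
set dstintf MIH-VPN1
set action accept
# all/all/ALL accepts every flow on these interfaces; narrow srcaddr, dstaddr and service once the real traffic is known
set srcaddr all
set dstaddr all
set schedule always
set service ALL
# Log all sessions on this policy so tunnel traffic is visible for troubleshooting and incident review (the article had logging disabled)
set logtraffic all
end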
#
# Management loopback address; reached over the tunnel through firewall policy 3 below.
config system interface
edit loopback0
set vdom root
set ip 10.64.255.2/32
# HTTPS, SSH and SNMP management are exposed on this address; keep admin trusted hosts and SNMP community hosts restricted to the management sources
set allowaccess ping https ssh snmp
set type loopback
set description !::LOOPBACK-PRIVADA
end
#
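# Firewall policy allowing tunnel traffic to reach the management loopback.
config firewall policy
edit 3
set name "accept VPN para LOOPBACK0"
set srcintf MIH-VPN1
set dstintf loopback0
set action accept
# any source over the tunnel may reach loopback0; loopback0 only serves ping/https/ssh/snmp, so restricting service to those (and srcaddr to the management hosts) would match the intended use
set srcaddr all
set dstaddr all
set schedule always
set service ALL
# Log all sessions: this is management-plane access, which should be auditable (the article had logging disabled)
set logtraffic all
end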
#
# OSPF over the tunnel: area 0.0.0.0 on MIH-VPN1 (point-to-point) and on loopback0.
config router ospf
#set default-information-originate always
# NOTE(review): router-id 10.64.255.1 and network 1 (10.64.255.1/32) do not match loopback0's address 10.64.255.2/32 set above; as written, loopback0 falls in no network entry and would not be advertised -- confirm which value is intended
set router-id 10.64.255.1
config area
edit 0.0.0.0
end
#
config ospf-interface
edit MIH-VPN1
set interface MIH-VPN1
# Tunnel MTU may differ from the peer's; do not reject the adjacency on MTU mismatch
set mtu-ignore enable
set network-type point-to-point
next
edit loopback0
set interface loopback0
set network-type point-to-point
next
end
#
# Interfaces whose address falls in these prefixes run OSPF in area 0.0.0.0
config network
edit 1
set prefix 10.64.255.1 255.255.255.255
next
edit 2
set prefix 10.66.101.0 255.255.255.0
end
# No hellos on the loopback: it is advertised but forms no adjacency
set passive-interface loopback0
# Static routes are redistributed into OSPF; no route-map is set here, so all of them are advertised
config redistribute static
set status enable
end
end
#