Fortigate ipsec vpn site to site

5/16/2023

Site-to-site IPv6 over IPv4 VPN example

In this example, IPv6-addressed private networks communicate securely over IPv4 public infrastructure.

Port 2 connects to the IPv4 public network and port 3 connects to the IPv6 LAN.

    set ip6-address fec0::0001:209:0fff:fe83:25f3/64
    end

Configure FortiGate A IPsec settings

The Phase 1 configuration uses IPv4 addressing.

    config vpn ipsec phase1-interface
    edit toB
    set psksecret maryhadalittlelamb
    set proposal 3des-md5 3des-sha1

The Phase 2 configuration uses IPv6 selectors. By default, Phase 2 selectors are set to accept all subnet addresses for source and destination. The default setting for src-addr-type and dst-addr-type is subnet. The default subnet addresses are 0.0.0.0/0 for IPv4, ::/0 for IPv6.

    config vpn ipsec phase2-interface
    edit toB2
    set proposal 3des-md5 3des-sha1
    set pfs enable
    set src-addr-type subnet6
    set dst-addr-type subnet6

Configure FortiGate A security policies

IPv6 security policies are required to allow traffic between port3 and the IPsec interface toB in each direction. Define the address all6 using the firewall address6 command as ::/0.

    set srcintf port3
    set dstintf toB
    set srcaddr all6
    set dstaddr all6
    set action accept
    set service ANY

    set srcintf toB
    set dstintf port3
    set srcaddr all6
    set dstaddr all6
    set action accept
    set service ANY

This simple example requires just two static routes. Traffic to the protected network behind FortiGate B is routed via the virtual IPsec interface toB using an IPv6 static route. A default route sends all IPv4 traffic, including the IPv4 IPsec packets, out on port2.

The configuration of FortiGate B is very similar to that of FortiGate A. A virtual IPsec interface toA is configured on port2 and its remote gateway is the IPv4 public IP address of FortiGate A.
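
An added example (not from the original page or from Fortinet): a small Python check that parses FortiOS-style CLI text and flags the settings in this configuration that a reviewer would question, namely 3DES/MD5 proposals, Phase 2 without PFS, and policies matching all6 to all6 for ANY service. The sample config is constructed from the fragments above; the `config`/`edit`/`next`/`end` wrappers, the `firewall policy6` section name and the function names are assumptions, and nested `config` blocks are not handled.

```python
import shlex

WEAK = {"des", "3des", "md5"}  # proposal tokens this example treats as weak
# Constructed sample assembled from the fragments on this page. The
# config/edit/next/end wrappers and "firewall policy6" are assumptions.
SAMPLE = """
config vpn ipsec phase1-interface
edit toB
set proposal 3des-md5 3des-sha1
next
end
config vpn ipsec phase2-interface
edit toB2
set proposal 3des-md5 3des-sha1
set pfs enable
next
end
config firewall policy6
edit 1
set srcaddr all6
set dstaddr all6
set service ANY
next
end
"""

def parse(text):  # FortiOS-style CLI text -> {(section, entry): {key: [values]}}
    cfg, section, entry = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section = " ".join(tok[1:])
        elif tok[0] == "edit":
            entry = cfg.setdefault((section, tok[1]), {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return cfg

def audit(cfg):  # -> sorted list of (section, entry, issue)
    out = []
    for (section, name), kv in cfg.items():
        out += [(section, name, f"weak proposal {p}") for p in kv.get("proposal", [])
                if WEAK & set(p.lower().split("-"))]
        if section.endswith("phase2-interface") and kv.get("pfs") != ["enable"]:
            out.append((section, name, "pfs not enabled"))
        if kv.get("service") == ["ANY"] and kv.get("srcaddr") == kv.get("dstaddr") == ["all6"]:
            out.append((section, name, "any service between all6 and all6"))
    return sorted(out)
```

Calling `audit(parse(SAMPLE))` returns five findings: both proposals on each of the two phases, plus the any-to-any policy.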