Table of Contents
Advertisement
Accelerated interface mode IPSec
20
5
Configure two policies (one for each direction) to apply the Phase 1 IPSec
configuration you configured in step
FortiGate-ASM-FB4 module port 1.
6
Go to Router > Static.
7
Configure a static route to route traffic destined for FortiGate_2's protected
network to the Phase 1 IPSec device, FGT_1_IPsec.
You can also configure the static route using the following CLI commands:
config router static
edit 2
set device "FGT_1_IPsec"
set dst 2.2.2.0 255.255.255.0
next
end
8
On FortiGate_2, go to VPN > IPSec.
9
Configure Phase 1.
For interface mode IPSec and for hardware acceleration, the following settings
are required.
•
Enable the checkbox "Enable IPSec Interface Mode."
•
In the Local Gateway IP section, select Specify and type the VPN IP address
3.3.3.1, which is the IP address of FortiGate_1's FortiGate-ASM-FB4 module
port 2.
10
Configure Phase 2.
If you enable the checkbox "Enable replay detection," set enc-offload-
antireplay to enable in the CLI. For details on encryption and decryption
offloading options available in the CLI, see
11
Go to Firewall > Policy.
12
Configure two policies (one for each direction) to apply the Phase 1 IPSec
configuration you configured in step
FortiGate-ASM-FB4 module port 1.
13
Go to Router > Static.
14
Configure a static route to route traffic destined for FortiGate_1's protected
network to the Phase 1 IPSec device, FGT_2_IPsec.
You can also configure the static route using the following CLI commands:
config router static
edit 2
set device "FGT_2_IPsec"
set dst 1.1.1.0 255.255.255.0
next
end
15
Activate the IPSec tunnel by sending traffic between the two protected networks.
To verify tunnel activation, go to VPN > IPSEC > Monitor.
2
to traffic leaving from or arriving on
"config system npu" on page
9
to traffic leaving from or arriving on
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Examples
15.
Advertisement
Table of Contents
