Accelerated interface mode IPSec
5. Configure two policies (one for each direction) to apply the Phase 1 IPSec
configuration you configured in step 2 to traffic leaving from or arriving on
FortiGate-ASM-FB4 module port 1.
6. Go to Router > Static.
7. Configure a static route to route traffic destined for FortiGate_2's protected
network to the Phase 1 IPSec device, FGT_1_IPsec.
You can also configure the static route using the following CLI commands:
config router static
    edit 2
        set device "FGT_1_IPsec"
        set dst 2.2.2.0 255.255.255.0
    next
end
8. On FortiGate_2, go to VPN > IPSec.
9. Configure Phase 1.
For interface mode IPSec and for hardware acceleration, the following settings
are required.
• Enable the checkbox "Enable IPSec Interface Mode."
• In the Local Gateway IP section, select Specify and type the VPN IP address
3.3.3.1, which is the IP address of FortiGate_1's FortiGate-ASM-FB4 module
port 2.
10. Configure Phase 2.
If you enable the checkbox "Enable replay detection," set
enc-offload-antireplay to enable in the CLI. For details on encryption and
decryption offloading options available in the CLI, see "config system npu"
on page 15.
11. Go to Firewall > Policy.
12. Configure two policies (one for each direction) to apply the Phase 1 IPSec
configuration you configured in step 9 to traffic leaving from or arriving on
FortiGate-ASM-FB4 module port 1.
13. Go to Router > Static.
14. Configure a static route to route traffic destined for FortiGate_1's protected
network to the Phase 1 IPSec device, FGT_2_IPsec.
You can also configure the static route using the following CLI commands:
config router static
    edit 2
        set device "FGT_2_IPsec"
        set dst 1.1.1.0 255.255.255.0
    next
end
15. Activate the IPSec tunnel by sending traffic between the two protected networks.
To verify tunnel activation, go to VPN > IPSEC > Monitor.
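The static routes in steps 7 and 14 are what direct each peer's protected network to the Phase 1 IPSec device, so they are worth checking in a saved configuration before relying on the tunnel. The following Python check is an added example, not part of the Fortinet technical note; the function names are hypothetical, and the second configuration (with the device name "port9") is constructed for illustration.

```python
import ipaddress

def parse_static_routes(cli_text):
    """Parse a 'config router static' block into {edit_id: {setting: value}}."""
    routes, current, in_block = {}, None, False
    for raw in cli_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:3] == ["config", "router", "static"]:
            in_block = True
        elif not in_block:
            continue
        elif words[0] == "edit" and len(words) > 1:
            current = routes.setdefault(words[1], {})
        elif words[0] == "set" and current is not None and len(words) >= 3:
            current[words[1]] = " ".join(words[2:]).strip('"')
        elif words[0] == "next":
            current = None
        elif words[0] == "end":
            in_block = False
    return routes

def check_tunnel_route(cli_text, peer_network, tunnel_device):
    """Return a list of problems; empty means the peer network is routed to the tunnel."""
    peer = ipaddress.ip_network(peer_network)
    problems, covered = [], False
    for rid, route in parse_static_routes(cli_text).items():
        if "dst" not in route:
            continue
        addr, mask = route["dst"].split()
        dst = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if route.get("device") == tunnel_device:
            covered = covered or peer.subnet_of(dst)
        elif dst.subnet_of(peer):
            # An equal or more specific route to another device competes with the tunnel.
            problems.append(f"route {rid}: {dst} leaves via {route.get('device')}")
    if not covered:
        problems.append(f"no static route sends {peer} to {tunnel_device}")
    return problems

# FortiGate_1 route from step 7 of this page.
FGT1_CONFIG = """config router static
edit 2
set device "FGT_1_IPsec"
set dst 2.2.2.0 255.255.255.0
next
end"""
# Constructed misconfiguration: same destination, sent to a non-tunnel port.
BROKEN_CONFIG = FGT1_CONFIG.replace("FGT_1_IPsec", "port9")

if __name__ == "__main__":
    print(check_tunnel_route(FGT1_CONFIG, "2.2.2.0/24", "FGT_1_IPsec"))
    print(check_tunnel_route(BROKEN_CONFIG, "2.2.2.0/24", "FGT_1_IPsec"))
```

Run the same check against FortiGate_2's configuration with the peer network 1.1.1.0/24 and the device FGT_2_IPsec.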
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Examples