Ipsec Vip - Fortinet FortiWiFi FortiWiFi-60 Administration Manual


VPN
CLI configuration
Fortinet Inc. 01-28006-0014-20041105

ipsec phase2 command keywords and variables

Keywords and variables: bindtoif <interface-name_str>
Description: Bind the tunnel to the specified network interface. Type the name of
the local FortiWiFi interface.
Default: No default.
Availability: All models.

Example

Use the following commands to edit an existing phase 2 configuration named
Tunnel_1. The command binds the tunnel to the interface named internal.

    config vpn ipsec phase2
        edit Tunnel_1
            set bindtoif internal
    end

ipsec vip

A FortiWiFi unit can act as a proxy by answering ARP requests locally and forwarding
the associated traffic to the intended destination host over an IPSec VPN tunnel. The
feature is intended to enable IPSec VPN communications between two hosts that
coordinate the same private address space on physically separate networks. The IP
addresses of both the source host and the destination host must be unique. The
ipsec vip command lets you specify the IP addresses that can be accessed at the
remote end of the VPN tunnel. You must configure IPSec virtual IP (VIP) addresses at
both ends of the IPSec VPN tunnel.

Adding an IPSec VIP entry to the VIP table enables a FortiWiFi unit to respond to ARP
requests destined for remote servers and route traffic to the intended destinations
automatically. Each IPSec VIP entry is identified by an integer. An entry identifies the
name of the FortiWiFi interface to the destination network, and the IP address of a
destination host on the destination network. Specify an IP address for every host that
needs to be accessed on the other side of the tunnel—you can define a maximum of
32 IPSec VIP addresses on the same interface.

Note: The interface to the destination network must be associated with a VPN tunnel through a
firewall encryption policy (action must be set to encrypt). The policy determines which VPN
tunnel will be selected to forward traffic to the destination. When you create IPSec VIP entries,
check the encryption policy on the FortiWiFi interface to the destination network to ensure that it
meets your requirements.

For more information, see "Configuring IPSec virtual IP addresses" on page 294.

Command syntax pattern

    config vpn ipsec vip
        edit <vip_integer>
            set <keyword> <variable>
    end
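A pre-deployment check of the ipsec vip constraints stated above, as an added example that is not part of the Fortinet manual: it parses the config vpn ipsec vip blocks of both tunnel ends and reports a missing table, incomplete entries, more than 32 entries on one interface, and any host address listed as remote at both ends. The keyword names ip and out-interface, the sample addresses, and the reading of the uniqueness rule as "no address appears in both VIP tables" are assumptions.

```python
from collections import Counter
from ipaddress import ip_address

MAX_VIPS_PER_INTERFACE = 32  # limit stated in the manual text
# Constructed sample configs for the two tunnel ends. The keywords "ip" and
# "out-interface" are assumed; this page shows only the generic syntax pattern.
SITE_A = """config vpn ipsec vip
edit 1
set ip 192.168.1.20
set out-interface external
end"""
SITE_B = """config vpn ipsec vip
edit 1
set ip 192.168.1.10
set out-interface external
next
edit 2
set ip 192.168.1.20
set out-interface external
end"""

def parse_vips(text):
    """Parse 'config vpn ipsec vip' blocks into {entry_id: {keyword: value}}."""
    entries, current, in_block = {}, None, False
    for words in (line.split() for line in text.splitlines()):
        if words == ["config", "vpn", "ipsec", "vip"]:
            in_block = True
        elif in_block and words == ["end"]:
            in_block, current = False, None
        elif in_block and len(words) == 2 and words[0] == "edit":
            current = entries.setdefault(int(words[1]), {})  # IDs are integers
        elif in_block and len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2]
    return entries

def audit(site_a, site_b):
    """Return findings for the two ends' VIP tables, per the manual's constraints."""
    findings, remote = [], {}
    for name, vips in (("A", parse_vips(site_a)), ("B", parse_vips(site_b))):
        if not vips:
            findings.append(f"site {name}: no VIP entries (both ends need them)")
        for vid, v in sorted(vips.items()):
            if not v.keys() >= {"ip", "out-interface"}:
                findings.append(f"site {name} entry {vid}: ip or out-interface missing")
        for iface, n in Counter(v.get("out-interface") for v in vips.values()).items():
            if n > MAX_VIPS_PER_INTERFACE:
                findings.append(f"site {name}: {n} entries on {iface}, maximum is 32")
        remote[name] = {ip_address(v["ip"]) for v in vips.values() if "ip" in v}
    for addr in sorted(remote["A"] & remote["B"]):
        findings.append(f"{addr}: listed as remote at both ends, so not unique")
    return findings
```

Calling audit(SITE_A, SITE_B) on the constructed samples returns one finding, for 192.168.1.20, which site B lists as a remote host even though site A's table places it on site B's own network.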
