
FortiGate to Cisco router IPsec VPN configuration

By Edward Stewart, 2014-09-30 22:12

FortiGate-500 configuration

    set system opmode nat
    set system interface internal mode static ip 192.168.1.254 255.255.255.0
    set system interface external mode static ip 195.1.1.1 255.255.255.0
    set system hostname Fortigate-500
    set system route number 0 dst 0.0.0.0 0.0.0.0 gw1 195.1.1.2
    set firewall address internal Internal_All subnet 0.0.0.0 0.0.0.0
    set firewall address external External_All subnet 0.0.0.0 0.0.0.0
    set firewall address dmz DMZ_All subnet 0.0.0.0 0.0.0.0
    set firewall address internal 192_168_1_0 subnet 192.168.1.0 255.255.255.0
    set firewall address external 172_16_1_0 subnet 172.16.1.0 255.255.255.0
    set vpn ipsec phase1 to_Cisco_831 type static gw 195.1.1.2 proposal 3des-sha1 keylife 28800 dhgrp 5 authmethod PSK fortigate nattraversal enable keepalive 5 dpd enable dpdidleworry 10 dpdretrycount 3 dpdretryinterval 5 dpdidlecleanup 300 peertype any xauthtype disable
    set vpn ipsec phase2 to_172_16_1_0 phase1name to_Cisco_831 proposal 3des-sha1 keylifeseconds 1800 dhgrp 1 replay enable concentrator none
    set firewall policy srcintf internal dstintf external policyid 2 srcaddr 192_168_1_0 dstaddr 172_16_1_0 schedule Always service ANY action encrypt vpntunnel to_172_16_1_0 inbound allow outbound allow
    set firewall policy srcintf internal dstintf external policyid 1 srcaddr Internal_All dstaddr External_All schedule Always service ANY action accept avwebfilter Scan nat enable

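Cisco 831 router configuration

    hostname CiscoRouter
    !
    ! IKE phase 1 policy: 3DES, SHA-1, pre-shared key, DH group 5
    ! (same values as the FortiGate phase1 to_Cisco_831)
    crypto isakmp policy 10
     encr 3des
     authentication pre-share
     group 5
     hash sha
    ! Pre-shared key for the FortiGate external address
    crypto isakmp key fortigate address 195.1.1.1
    !
    ! IPsec phase 2 transform: ESP with 3DES and SHA-1 HMAC
    crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac
    !
    ! Crypto map: peer is the FortiGate, traffic selected by access-list 101
    crypto map VPN 10 ipsec-isakmp
     set peer 195.1.1.1
     set transform-set ESP_3DES_SHA
     match address 101
    !
    ! LAN side (172.16.1.0/24)
    interface Ethernet0
     ip address 172.16.1.254 255.255.255.0
    !
    ! Side facing the FortiGate; the crypto map is applied here
    interface Ethernet1
     ip address 195.1.1.2 255.255.255.0
     crypto map VPN
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 195.1.1.1
    !
    ! Traffic to encrypt: 172.16.1.0/24 to 192.168.1.0/24
    access-list 101 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255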
