Fortinet black logo

Cookbook

6.2.0
6.2.0
5.4.0

Verifying ADVPN configuration in FortiGate

Verifying ADVPN configuration in FortiGate

When configuring the VPN manager, take into account that the final outcome you want to have on the FortiGate is shown the configurations below.

The configuration will be available on the FortiGates only after they are installed from FortiManager. The installation is described later in the guide. These configurations are required for ADVPN to work. At this point you don’t need to install the configurations on the FortiGates.

Example configurations

FGT-1 # show vpn ipsec phase1-interface

config vpn ipsec phase1-interface

edit "OL_MPLS_0"

set interface "port4"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-receiver enable

set tunnel-search nexthop

set remote-gw 172.16.2.5

set psksecret xxx

next

edit "OL_INET_0"

set interface "port1"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-receiver enable

set tunnel-search nexthop

set remote-gw 100.64.1.5

set psksecret xxx

next

end

FGT-DC-5 # show vpn ipsec phase1-interface

config vpn ipsec phase1-interface

edit "OL_MPLS_0"

set type dynamic

set interface "port4"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-sender enable

set tunnel-search nexthop

set psksecret xxx

next

edit "OL_INET_0"

set type dynamic

set interface "port1"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-sender enable

set tunnel-search nexthop

set psksecret xxx

next

end

Previous
Next

Verifying ADVPN configuration in FortiGate

When configuring the VPN manager, take into account that the final outcome you want to have on the FortiGate is shown the configurations below.

The configuration will be available on the FortiGates only after they are installed from FortiManager. The installation is described later in the guide. These configurations are required for ADVPN to work. At this point you don’t need to install the configurations on the FortiGates.

Example configurations

FGT-1 # show vpn ipsec phase1-interface

config vpn ipsec phase1-interface

edit "OL_MPLS_0"

set interface "port4"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-receiver enable

set tunnel-search nexthop

set remote-gw 172.16.2.5

set psksecret xxx

next

edit "OL_INET_0"

set interface "port1"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-receiver enable

set tunnel-search nexthop

set remote-gw 100.64.1.5

set psksecret xxx

next

end

FGT-DC-5 # show vpn ipsec phase1-interface

config vpn ipsec phase1-interface

edit "OL_MPLS_0"

set type dynamic

set interface "port4"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-sender enable

set tunnel-search nexthop

set psksecret xxx

next

edit "OL_INET_0"

set type dynamic

set interface "port1"

set ike-version 2

set keylife 28800

set peertype any

set net-device disable

set proposal aes128-sha256 aes256-sha256

set add-route disable

set auto-discovery-sender enable

set tunnel-search nexthop

set psksecret xxx

next

end

Previous
Next