Verifying ADVPN configuration in FortiGate
When configuring the VPN manager, take into account that the final outcome you want to have on the FortiGate is shown the configurations below.
The configuration will be available on the FortiGates only after they are installed from FortiManager. The installation is described later in the guide. These configurations are required for ADVPN to work. At this point you don’t need to install the configurations on the FortiGates.
Example configurations
FGT-1 # show vpn ipsec phase1-interface
config vpn ipsec phase1-interface
edit "OL_MPLS_0"
set interface "port4"
set ike-version 2
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256
set add-route disable
set auto-discovery-receiver enable
set tunnel-search nexthop
set remote-gw 172.16.2.5
set psksecret xxx
next
edit "OL_INET_0"
set interface "port1"
set ike-version 2
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256
set add-route disable
set auto-discovery-receiver enable
set tunnel-search nexthop
set remote-gw 100.64.1.5
set psksecret xxx
next
end
FGT-DC-5 # show vpn ipsec phase1-interface
config vpn ipsec phase1-interface
edit "OL_MPLS_0"
set type dynamic
set interface "port4"
set ike-version 2
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256
set add-route disable
set auto-discovery-sender enable
set tunnel-search nexthop
set psksecret xxx
next
edit "OL_INET_0"
set type dynamic
set interface "port1"
set ike-version 2
set keylife 28800
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256
set add-route disable
set auto-discovery-sender enable
set tunnel-search nexthop
set psksecret xxx
next
end