IKEv2 IPsec configuration on FortiGate


Interfaces:

# Interfaces referenced by the IKEv2 tunnel further down:
#   port2 - WAN-facing underlay interface on which IKE is terminated
#   port4 - protected LAN side
#   test  - route-based tunnel interface, bound to port2, whose name matches
#           the phase1-interface entry used by the firewall policy and static route
config system interface

    # WAN2: public-facing address; the remote gateway is reached from here.
    edit "port2"

        set vdom "root"

        set ip 14.140.40.108 255.255.255.0

        # NOTE(review): "https" enables the administrative GUI on this
        # WAN-facing interface; limit it with trusted hosts or remove it
        # if management is not needed from this side.
        set allowaccess ping https

        set type physical

        set alias "WAN2"

        set role dmz

        set snmp-index 2

    next

    # LAN: only ping is allowed towards the firewall on this interface.
    edit "port4"

        set vdom "root"

        set ip 20.20.20.0 255.255.255.0

        set allowaccess ping

        set type physical

        set alias "LAN"

        set snmp-index 8

    next

    # Tunnel interface: no IP is assigned; traffic is steered into it by the
    # static route and permitted by the firewall policies below.
    edit "test"

        set vdom "root"

        set type tunnel

        set snmp-index 9

        set interface "port2"

    next

end


IKEv2 VPN:

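# IKEv2 phase 1 (IKE SA) for the route-based tunnel "test".
# Both gateways must agree on ike-version, proposal, dhgrp and the PSK.
config vpn ipsec phase1-interface
    edit "test"
        # IKE is terminated on the WAN interface defined above.
        set interface "port2"
        set ike-version 2
        # Any peer ID is accepted; the peer address is still pinned by remote-gw below.
        set peertype any
        set net-device disable
        set proposal aes256-sha256
        # Was "dhgrp 2" (1024-bit MODP). Raised to group 14 (2048-bit) so it
        # matches the PFS group used in phase2 and does not rely on a
        # key-exchange strength that is no longer recommended.
        # The peer's phase1 DH group must be set to 14 as well.
        set dhgrp 14
        set nattraversal disable
        set transport udp
        set remote-gw 14.140.40.109
        # The ENC value is this unit's encrypted form of the pre-shared key.
        # On the peer (or a replacement unit) enter the plaintext secret
        # rather than copying this blob.
        set psksecret ENC Z/zEmBMV/OPXpUYpqce1Qhyyjw+lpLhe+mrMIoGfYWGP82ua9S2N6gmdjy7sqvysq0GBmjCGKhBe7Iqyst2jEVslwA84hpFSNWwvnE+ZpQsOe6NX0RBXQzw40qVmH7JbzdeYXgqtEmLZshpIuOudVh+OMvbbs9ojeu6xeUfIQ4/regrkDhal6CI12+HWo970gpf211lmMjY3dkVA
    next
end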


# IKEv2 phase 2 (child SA) bound to phase1 "test".
# src-subnet/dst-subnet are the traffic selectors: local LAN behind port4
# to the remote 10.10.10.0/24 network that the static route below points at.
config vpn ipsec phase2-interface
    edit "p2"
        set phase1name "test"
        set proposal aes256-sha256
        # PFS with DH group 14 (2048-bit); the peer must use the same group.
        set dhgrp 14
        set src-subnet 20.20.20.0 255.255.255.0
        set dst-subnet 10.10.10.0 255.255.255.0
    next
end


Firewall Policy:


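# Firewall policies between the tunnel interface "test" and the LAN (port4).
# Both policies match any source, any destination and any service. Logging is
# enabled on each so that tunnel traffic is visible in the traffic log; to
# tighten them, define address objects for 20.20.20.0/24 and 10.10.10.0/24
# (the phase2 selectors) and use them in place of "all".
config firewall policy
    # Inbound: remote site -> LAN.
    edit 1
        set name "allow"
        set uuid 67d5f8c4-7508-51ef-1eb7-0fd9ad5f2129
        set srcintf "test"
        set dstintf "port4"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        # Log every session accepted by this policy (added; was not logged).
        set logtraffic all
    next
    # Outbound: LAN -> remote site.
    edit 2
        set name "allow out"
        set uuid 9624287c-7508-51ef-482e-d2daf28580e8
        set srcintf "port4"
        set dstintf "test"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        # Log every session accepted by this policy (added; was not logged).
        set logtraffic all
    next
end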

Route:

# Static route that steers traffic for the remote 10.10.10.0/24 network
# (the phase2 dst-subnet) into the tunnel interface "test".
config router static

    edit 1

        set dst 10.10.10.0 255.255.255.0

        set device "test"

    next

end



