This recipe provides a sample configuration of site-to-site IPsec VPN in an HA environment.

You must enable two options to ensure IPsec VPN traffic is not interrupted during an HA failover:

- ha-sync-esp-seqno under IPsec phase1-interface settings

The following shows the sample network topology for this recipe:

You can configure IPsec VPN in an HA environment using the FortiOS GUI or CLI. In the examples below, the VPN name for HQ1 is "to_HQ2", and the VPN name for HQ2 is "to_HQ1".

To configure IPsec VPN in an HA environment on the GUI:

1. Set up HA as described in the HA topics.
2. Set up IPsec VPN on HQ1 (the HA cluster):
   a. Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      - For Template Type, choose Site to Site.
      - For Remote Device Type, select FortiGate.
      - For NAT Configuration, set No NAT Between Sites.
   b. Configure the following settings for Authentication:
      - In the IP address field, enter 172.16.202.1.
      - In the Outgoing Interface field, enter port1.
      - For Authentication Method, select Pre-shared Key.
      - In the Pre-shared Key field, enter an example key.
   c. Configure the following settings for Policy & Routing:
      - Configure the Local Subnets as 10.1.100.0/24.

- In the IP address field, enter 172.16.200.1.
- In the Outgoing Interface field, enter port13.
- From the Local Interface dropdown menu, select the desired local interface.
- Configure the Local Subnets as 172.16.101.0.
- Configure the Remote Subnets as 10.1.100.0.

To configure IPsec VPN in an HA environment using the CLI:

In this example, two FortiGates work in active-passive mode. The HA heartbeat interfaces are WAN1 and WAN2:

```
config system ha
    set group-name "FGT-HA"
    set mode a-p
    set password sample
    set hbdev "wan1" 50 "wan2" 50
    set session-pickup enable
    set priority 200
    set override-wait-time 10
end
```

Configure the WAN interface and default route. The WAN interface is the interface connected to the ISP. It can work in static mode (as shown in the example), DHCP, or PPPoE mode. The IPsec tunnel is established over the WAN interface.

```
config system interface
    edit "port1"
        set vdom "root"
    next
end
config router static
    edit 1
        set gateway 172.16.200.3
        set device "port1"
    next
end
```

```
config system interface
    edit "port25"
        set vdom "root"
    next
end
config router static
    edit 1
        set gateway 172.16.202.2
        set device "port25"
    next
end
```
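As an added example (not part of the original recipe or Fortinet's own tooling), the following Python check reads a saved FortiOS configuration and reports where `session-pickup` (set in the HA block above) or `ha-sync-esp-seqno` is not enabled. It assumes the input comes from `show full-configuration`, so default values are printed; the sample text and the tunnel name `to_branch` are constructed for illustration.

```python
# Constructed sample (not from the page), in the style of `show full-configuration`
# output, which is assumed to print defaults. "to_branch" is a hypothetical tunnel.
SAMPLE_CONFIG = """\
config system ha
    set mode a-p
    set session-pickup enable
end
config vpn ipsec phase1-interface
    edit "to_HQ2"
        set ha-sync-esp-seqno enable
    next
    edit "to_branch"
        set ha-sync-esp-seqno disable
    next
end
"""

def parse_sections(text):
    """Return {section: {entry: {key: value}}}; the empty-string entry holds settings outside any edit."""
    sections, section, entry, depth = {}, None, "", 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section, entry = line[len("config "):], ""
                sections.setdefault(section, {})
        elif line == "end":
            depth = max(depth - 1, 0)
        elif depth != 1:
            continue  # skip nested blocks and anything outside a top-level section
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line.startswith("set "):
            key, _, value = line[len("set "):].partition(" ")
            sections[section].setdefault(entry, {})[key] = value.strip('"')
        elif line == "next":
            entry = ""
    return sections

def failover_findings(text):
    """Report settings that would let IPsec traffic drop during an HA failover."""
    cfg, findings = parse_sections(text), []
    if cfg.get("system ha", {}).get("", {}).get("session-pickup") != "enable":
        findings.append("system ha: session-pickup is not enabled")
    for name, opts in cfg.get("vpn ipsec phase1-interface", {}).items():
        if opts.get("ha-sync-esp-seqno") != "enable":
            findings.append(f"phase1-interface {name}: ha-sync-esp-seqno is not enabled")
    return findings
```

Run `failover_findings()` on the configuration of each cluster member; an empty list means both settings are enabled on every phase1-interface entry in that file.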