

Route-Based VPN between Cisco Router and FortiGate Firewall using OSPF

Earlier, I wrote an article showing how to do a VTI (Virtual Tunnel Interface) from a Cisco ASA to a FortiGate Firewall. Today, I will cover a route-based VPN with a Cisco Router instead of a Cisco ASA using VTIs.

Whereas the ASA only supports BGP with its VTI implementation, the router is a bit more flexible and allows for OSPF. Initially, this post was born from a customer that required some VPN connectivity via VTI on the ASA, which later turned into a VTI on a Cisco Router. This was great because it gave me an opportunity to write about it. While on-site, we were testing with FortiTester and reviewing the FortiGate features. This took up some time of course, but when we tested the router-based VTI, we ran out of time. I asked the customer if I could work on the config and get back to him, and they were gracious enough to allow me to do so. Thank You Mr.

My Configuration

Below, we can see that I have one interface that is acting as the Internet (192.168.200.0/30) and a tunnel interface tied to both WAN ports (obviously using different methods, Cisco and Fortinet respectively). The plan is to establish an encrypted channel using the 192.168.200.0/30 network, then establish the tunnel interface on the 192.168.170.88/30 subnet so that we can use dynamic routing (OSPF). Using a Cisco 2921 in my lab, I configured the VPN using the config I was using on-site at the customer. I will break each section down below:

    crypto keyring KEY_RING
      pre-shared-key address 192.168.200.2 key fortigate

This is the configuration that will allow you to define the pre-shared key with the particular remote peers. In my case, it is the FortiGate's IP address of 192.168.200.2 and the pre-shared key is fortigate.

Next we will define the Phase I crypto profiles:

    crypto isakmp policy 11

In my example above, I am telling the router that I will present and accept Phase I connections that meet the following proposal. In my example, I require that you use AES 256 as the encryption type and SHA 256 as the hashing algorithm.
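As an added example (not the author's code or configuration), this Python check reads an IOS-style configuration and reports any ISAKMP policy that does not meet the AES 256 / SHA 256 proposal described in this post, along with pre-shared keys below a length threshold. The sample configuration is constructed in running-config form (`encr`, `hash`); policy 20 and the 20-character threshold are assumptions for illustration.

```python
import re

# Constructed sample in IOS running-config style. Policy 11 and the keyring
# follow the post; policy 20 is a hypothetical weak policy added for contrast.
SAMPLE_CONFIG = """\
crypto keyring KEY_RING
  pre-shared-key address 192.168.200.2 key fortigate
crypto isakmp policy 11
 encr aes 256
 hash sha256
 authentication pre-share
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
"""

REQUIRED = {"encr": "aes 256", "hash": "sha256"}  # proposal the post requires
MIN_PSK_LEN = 20  # assumed local policy threshold, not from the post

def parse_isakmp_policies(config):
    """Return {policy_number: {keyword: value}} for each ISAKMP policy block."""
    policies, current = {}, None
    for line in config.splitlines():
        if header := re.match(r"crypto isakmp policy (\d+)\s*$", line):
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" "):
            keyword, _, value = line.strip().partition(" ")
            current[keyword] = value.strip()
        else:
            current = None  # any other line ends the policy block
    return policies

def audit(config):
    """Return a sorted list of findings; an empty list means the config passes."""
    findings = []
    for number, settings in parse_isakmp_policies(config).items():
        for keyword, wanted in REQUIRED.items():
            got = settings.get(keyword, "<platform default>")
            if got != wanted:
                findings.append(f"policy {number}: {keyword} is {got}, want {wanted}")
    psk = re.compile(r"^\s*pre-shared-key address (\S+) key (\S+)", re.M | re.I)
    for peer, key in psk.findall(config):
        if len(key) < MIN_PSK_LEN:
            findings.append(f"peer {peer}: pre-shared key shorter than {MIN_PSK_LEN} chars")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the sample, policy 11 passes, while the lab pre-shared key and the constructed policy 20 are reported.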
