Configuring an IPsec VPN between FortiGate and Cisco
2012-12-24 15:05:32


Overview:
This document covers IPsec VPN interconnection between FortiGate and Cisco devices in general; the example here is a site-to-site IPsec tunnel authenticated with a pre-shared key.
Environment
The demonstration uses a FortiGate-82C and a Cisco 2621. The FortiGate runs FortiOS v4.0; the Cisco runs IOS 12.3(14)T7.


1. Configure the IPsec VPN on the FortiGate
Step 1: Configure IKE
Under VPN > IPsec, create a tunnel. The local interface is the FortiGate's WAN-facing interface (the one holding 10.0.0.136, the address the Cisco side peers with). Under Phase 1 > Advanced, enable IPsec interface mode and tick Dead Peer Detection. Phase 1 must offer exactly what the Cisco isakmp policy below expects: 3DES encryption, MD5 hash, DH group 2 and the same pre-shared key. Then create Phase 2 and enter the quick-mode selectors, which mirror Cisco access-list 101: local 10.10.61.0/24, remote 10.10.164.0/24. Leave PFS disabled in Phase 2, because the Cisco crypto map sets no pfs; a PFS mismatch fails Phase 2 even when Phase 1 comes up.

Step 2: Configure routing
Under Router > Static, add a static route to the remote private network 10.10.164.0/24 with the IPsec interface created in step 1 as the outgoing device, so that traffic for the Cisco LAN enters the tunnel.

Step 3: Configure policies
Add firewall policies between the IPsec interface (Cisco Vpn) and port1 in both directions: port1 to Cisco Vpn for traffic leaving the FortiGate LAN, and Cisco Vpn to port1 for traffic initiated from the Cisco LAN. Without the second policy the Cisco-side ping in the verification section is dropped.

2. Configure the IPsec VPN on the Cisco
The detailed configuration is shown below:
hostname Rack2-2621-4
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key 123456 address 10.0.0.136
!
crypto ipsec transform-set myset esp-3des esp-md5-hmac
!
crypto map togate 10 ipsec-isakmp
set peer 10.0.0.136
set transform-set myset
match address 101
!
interface FastEthernet0/0
description out
ip address 10.0.0.214 255.255.255.0
ip nat outside
duplex auto
speed auto
crypto map togate
!
interface FastEthernet0/1
description in
ip address 10.10.164.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
ip http server
no ip http secure-server
ip nat inside source list 102 interface FastEthernet0/0 overload
!
access-list 101 permit ip 10.10.164.0 0.0.0.255 10.10.61.0 0.0.0.255
access-list 102 deny ip 10.10.164.0 0.0.0.255 any
access-list 102 permit ip any any
!
end

Notes on this configuration: ISAKMP policy 10 (3DES, MD5, DH group 2, pre-shared key 123456) and transform-set myset (ESP 3DES with MD5-HMAC) are what the FortiGate Phase 1 and Phase 2 proposals must match, and because the crypto map sets no pfs, Phase 2 on the FortiGate must have PFS disabled. Access-list 101 is the crypto ACL that defines the interesting traffic; it is the exact mirror of the FortiGate quick-mode selectors. Access-list 102 is the NAT ACL: its first line exempts all traffic from 10.10.164.0/24 from the PAT on FastEthernet0/0, which guarantees that VPN traffic is not translated before encryption, but it also means inside hosts get no Internet NAT at all. If they need it, narrow the deny to the VPN-bound flow (10.10.164.0/24 to 10.10.61.0/24) and let the existing permit cover the rest. Finally, the key 123456 and the 3DES/MD5/group 2 suite are lab values kept here for interoperability; a production tunnel should use a long random pre-shared key (or certificates) and AES with SHA-2 and a stronger DH group on both sides.
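The FortiGate steps above succeed only if every negotiated parameter mirrors the Cisco crypto lines: proposal, DH group, pre-shared key, PFS, and the quick-mode selectors with source and destination swapped. The following Python script is an added example, not code from the original page or from Fortinet or Cisco: it parses a trimmed copy of the page's Cisco crypto configuration (embedded as sample input), renders the FortiOS 4.0-style CLI equivalent of steps 1 and 2, and lists the settings that are being matched purely for interoperability. The tunnel name Cisco_Vpn, the interface name wan1, the remote_gw parameter (the Cisco outside address 10.0.0.214 from the page) and the FortiOS CLI syntax as written here are assumptions to check against your build.

```python
"""Derive the FortiGate side of the tunnel from the Cisco crypto config (added example)."""
import ipaddress
import re

# Trimmed copy of the Cisco crypto lines from this page, used as sample input.
CISCO_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 123456 address 10.0.0.136
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map togate 10 ipsec-isakmp
 set peer 10.0.0.136
 set transform-set myset
 match address 101
access-list 101 permit ip 10.10.164.0 0.0.0.255 10.10.61.0 0.0.0.255
"""

# Cisco IOS algorithm keywords -> FortiOS proposal names.
ENC = {"des": "des", "3des": "3des", "aes": "aes128", "aes128": "aes128",
       "aes192": "aes192", "aes256": "aes256"}
HASH = {"md5": "md5", "sha": "sha1", "sha1": "sha1", "sha256": "sha256",
        "sha384": "sha384", "sha512": "sha512"}
POLICY_KEYWORDS = {"encr", "hash", "group", "authentication", "lifetime"}


def parse_cisco_crypto(text):
    """Collect the ISAKMP policy, PSK, transform-set, PFS flag and crypto ACL."""
    c = {"encr": "des", "hash": "sha", "group": "1", "pfs": False}  # IOS defaults
    acls, in_policy = {}, False
    for line in map(str.strip, text.splitlines()):
        words = line.split()
        if line.startswith("crypto isakmp policy"):
            in_policy = True
            continue
        if in_policy and words and words[0] in POLICY_KEYWORDS:
            c[words[0]] = "".join(words[1:])  # "aes 256" -> "aes256"
            continue
        in_policy = False  # any other line ends the policy block
        if m := re.match(r"crypto isakmp key (\S+) address (\S+)", line):
            c["psk"], c["peer"] = m.groups()
        if m := re.match(r"crypto ipsec transform-set \S+ esp-(aes(?: \d+)?|3des|des) esp-(\w+)-hmac", line):
            c["esp_encr"], c["esp_hash"] = m.group(1).replace(" ", ""), m.group(2)
        if line.startswith("set pfs"):
            c["pfs"] = True  # absent from the page's crypto map, so PFS stays off
        if m := re.match(r"match address (\d+)", line):
            c["acl"] = m.group(1)
        if m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) (\S+) (\S+)", line):
            # ipaddress reads "10.10.164.0/0.0.0.255" as a hostmask, i.e. a Cisco wildcard
            acls[m.group(1)] = tuple(ipaddress.ip_network(f"{a}/{w}", strict=False)
                                     for a, w in (m.group(2, 3), m.group(4, 5)))
    c["cisco_local"], c["cisco_remote"] = acls[c["acl"]]
    return c


def fortios_proposal(encr, hash_):
    """Map a Cisco encr/hash pair onto the FortiOS 'enc-auth' proposal name."""
    return f"{ENC[encr]}-{HASH[hash_]}"


def legacy_warnings(c):
    """Settings matched here for interoperability that a new deployment should not keep."""
    return [msg for ok, msg in (
        (c["encr"] not in ("des", "3des"), "phase1 encryption " + c["encr"]),
        (c["hash"] != "md5", "phase1 hash md5"),
        (c["group"] not in ("1", "2", "5"), "DH group " + c["group"]),
        (len(c["psk"]) >= 20, "pre-shared key shorter than 20 characters")) if not ok]


def render_fortios(c, remote_gw, p1name="Cisco_Vpn", wan_if="wan1"):
    """FortiOS 4.0-style CLI for phase 1 and phase 2 (steps 1 and 2 on the page).
    p1name/wan_if are assumed names; FortiGate src-subnet = Cisco ACL destination."""
    p1 = fortios_proposal(c["encr"], c["hash"])
    p2 = fortios_proposal(c["esp_encr"], c["esp_hash"])
    pfs = "enable" if c["pfs"] else "disable"
    src = c["cisco_remote"].with_netmask.replace("/", " ")
    dst = c["cisco_local"].with_netmask.replace("/", " ")
    group, psk = c["group"], c["psk"]
    return f"""config vpn ipsec phase1-interface
    edit "{p1name}"
        set interface "{wan_if}"
        set dpd enable
        set proposal {p1}
        set dhgrp {group}
        set remote-gw {remote_gw}
        set psksecret {psk}
    next
end
config vpn ipsec phase2-interface
    edit "{p1name}_p2"
        set phase1name "{p1name}"
        set proposal {p2}
        set pfs {pfs}
        set src-subnet {src}
        set dst-subnet {dst}
    next
end
"""
```

Calling render_fortios(parse_cisco_crypto(CISCO_CONFIG), remote_gw="10.0.0.214") prints a Phase 1 with proposal 3des-md5 and dhgrp 2, and a Phase 2 with pfs disable and the selectors 10.10.61.0/24 to 10.10.164.0/24; legacy_warnings on the same parse flags 3DES, MD5, group 2 and the six-character key, which is the list to revisit before the tunnel carries real traffic.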

3. Verify connectivity
From the Cisco side, ping the FortiGate LAN using the inside interface address 10.10.164.1 as the source, so that the echo matches access-list 101 and enters the tunnel (a ping sourced from the outside interface would not). After a successful ping, show crypto isakmp sa should list an active ISAKMP SA with 10.0.0.136, and show crypto ipsec sa should show increasing encrypt and decrypt counters for the 10.10.164.0/24 to 10.10.61.0/24 pair:
Rack2-2621-4#ping
Protocol [ip]:
Target IP address: 10.10.61.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.10.164.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.61.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.164.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms
From the FortiGate side, ping the Cisco LAN. Set the ping source to the FortiGate LAN address 10.10.61.1 first, so that the echo falls inside the Phase 2 selector (by default the ping is sourced from the egress interface address, which is not in 10.10.61.0/24 and never enters the tunnel). The tunnel state can be confirmed with diagnose vpn ike gateway list and diagnose vpn tunnel list.
FGT82C-1 # exe ping-options source 10.10.61.1
FGT82C-1 # exe ping 10.10.164.1
PING 10.10.164.1 (10.10.164.1): 56 data bytes
64 bytes from 10.10.164.1: icmp_seq=0 ttl=255 time=7.0 ms
64 bytes from 10.10.164.1: icmp_seq=1 ttl=255 time=6.8 ms
64 bytes from 10.10.164.1: icmp_seq=2 ttl=255 time=7.1 ms
64 bytes from 10.10.164.1: icmp_seq=3 ttl=255 time=7.5 ms
64 bytes from 10.10.164.1: icmp_seq=4 ttl=255 time=6.9 ms
--- 10.10.164.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 6.8/7.0/7.5 ms
FGT82C-1 #


