ADVPN with BGP as the routing protocol
This is a sample configuration of ADVPN with BGP as the routing protocol. The following options must be enabled for this configuration:
- On the hub FortiGate, IPsec phase1-interface net-device disable must be run.
- IBGP must be used between the hub and spoke FortiGates.
- bgp neighbor-group/neighbor-range must be reused.
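An added example, not part of the original page: a Python check that parses a hub configuration export and reports which of the three prerequisites above are not met. The sample configuration, its object names and its AS number are constructed, reading "reused" as a neighbor-range bound to a neighbor-group is an interpretation, and the check assumes show full-configuration output so that default values appear explicitly.

```python
import shlex

# Constructed sample hub config (names and AS number are assumptions, not from the page).
SAMPLE_HUB = '''config vpn ipsec phase1-interface
    edit "advpn-hub"
        set net-device disable
    next
end
config router bgp
    set as 65412
    config neighbor-group
        edit "advpn"
            set remote-as 65412
        next
    end
    config neighbor-range
        edit 1
            set neighbor-group "advpn"
        next
    end
end'''

def parse(text):
    """Parse FortiOS config/edit/set blocks into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def check_hub(text):
    """Return the prerequisites from the list above that this hub config violates."""
    cfg, problems = parse(text), []
    bgp = cfg.get("router bgp", {})
    groups = bgp.get("neighbor-group", {})
    for name, p1 in cfg.get("vpn ipsec phase1-interface", {}).items():
        if p1.get("net-device") != "disable":
            problems.append(f"phase1 {name}: net-device not disabled")
    for name, grp in groups.items():
        if grp.get("remote-as") != bgp.get("as"):
            problems.append(f"neighbor-group {name}: remote-as != local AS, not IBGP")
    if not any(r.get("neighbor-group") in groups
               for r in bgp.get("neighbor-range", {}).values()):
        problems.append("no neighbor-range bound to a neighbor-group")
    return problems
```

check_hub(SAMPLE_HUB) returns an empty list; each unmet prerequisite adds one message naming the object involved.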
To configure ADVPN with BGP as the routing protocol using the CLI:
- Configure hub FortiGate WAN interface, internal interface, and a static route:

    config system interface
        edit "port9"
            set alias "WAN"
            set ip 22.1.1.1 255.255.255.0
        next
        edit "port10"
            set alias "Internal"
            set ip 172.16.101.1 255.255.255.0
        next
    end
    config router static
        edit 1
            set gateway 22.1.1.2
            set device "port9"
        next
    end
- Configure the hub FortiGate:
  - Configure the hub FortiGate IPsec phase1-interface and phase2-interface:
config vpn ipse
-