ADVPN with RIP as the routing protocol
This is a sample configuration of ADVPN with RIP as the routing protocol. The following options must be enabled for this configuration:
- On the hub FortiGate, IPsec phase1-interface net-device disable must be run.
- RIP must be used between the hub and spoke FortiGates.
- split-horizon-status enable must be run on the hub FortiGate.

To configure ADVPN with RIP as the routing protocol using the CLI:
- In the CLI, configure hub FortiGate's WAN, internal interface, and static route:

    config system interface
        edit "port9"
            set alias "WAN"
            set ip 22.1.1.1 255.255.255.0
        next
        edit "port10"
            set alias "Internal"
            set ip 172.16.101.1 255.255.255.0
        next
    end
    config router static
        edit 1
            set gateway 22.1.1.2
            set device "port9"
        next
    end

- Configure the hub FortiGate:
  - Configure the hub FortiGate IPsec phase1-interface and phase2-interface:

        config vpn ipsec phase1-interface
            edit "advpn-hub"
                set type dynamic
                set interface "port9"
                set peertype any
                set net-device disable
                set proposal aes128-sha256 aes256-sha256 3des-sha256 aes128-sha1 aes256-sha1 3des-sha1
                set add-route disable
                set dpd on-idle
                set auto-discovery-sender enable
                set psksecret sample
                set dpd-retryinterval 5
            next
        end
        config vpn ipsec phase2-interface
            edit "advpn-hub"
                set phase1name "advpn-hub"
                set proposal aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256
            next
        end

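An added example, not part of the Fortinet page: a small Python audit that parses a hub phase1-interface block like the one above, confirms the `net-device disable` and `auto-discovery-sender enable` settings, and flags the 3DES/SHA-1 proposals and the placeholder pre-shared key before the sample is reused in production. The names `parse_entries` and `audit_hub`, the 20-character PSK threshold, and the treatment of unset options as findings are assumptions of this example.

```python
import shlex
# Constructed sample: the page's hub phase1 settings, one command per line.
HUB_CONFIG = '''
config vpn ipsec phase1-interface
    edit "advpn-hub"
        set net-device disable
        set proposal aes128-sha256 aes256-sha256 3des-sha256 aes128-sha1 aes256-sha1 3des-sha1
        set auto-discovery-sender enable
        set psksecret sample
    next
end
'''
EXPECTED = {"net-device": "disable", "auto-discovery-sender": "enable"}  # from the page
LEGACY = {"des", "3des", "md5", "sha1"}  # algorithms this audit treats as legacy

def parse_entries(text, section):
    """Return {entry: {option: [values]}} for the top-level 'config <section>' block."""
    entries, depth, active, current = {}, 0, False, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1
            active = active if depth > 1 else " ".join(tok[1:]) == section
        elif tok[0] == "end":
            depth -= 1
            active = active and depth > 0
        elif active and depth == 1:  # nested config blocks are skipped
            if tok[0] == "edit":
                current = entries.setdefault(tok[1], {})
            elif tok[0] == "next":
                current = None
            elif tok[0] == "set" and current is not None:
                current[tok[1]] = tok[2:]
    return entries

def audit_hub(text, min_psk_len=20):  # min_psk_len: assumed local policy value
    findings = []
    for name, opts in parse_entries(text, "vpn ipsec phase1-interface").items():
        for key, want in EXPECTED.items():
            got = (opts.get(key) or ["<unset>"])[0]  # unset is reported, not defaulted
            if got != want:
                findings.append(f"{name}: {key} is {got}, expected {want}")
        legacy = [p for p in opts.get("proposal", []) if LEGACY & set(p.split("-"))]
        if legacy:
            findings.append(f"{name}: legacy proposals: {' '.join(legacy)}")
        psk = opts.get("psksecret", [])
        if psk and psk[0] != "ENC" and len(psk[0]) < min_psk_len:  # ENC = stored encrypted
            findings.append(f"{name}: plaintext psksecret under {min_psk_len} characters")
    return findings
```

Calling `audit_hub(HUB_CONFIG)` on the sample returns two findings: the four 3DES/SHA-1 proposals and the short plaintext `psksecret`.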
-