Fortinet FortiGate-ASM-FB4 Release Note
FortiGate-ASM-FB4 Version 1.0 Technical Note
01-30005-0424-20071002
Accelerated tunnel mode IPSec
The following steps create a hardware accelerated tunnel mode IPSec tunnel
between two FortiGate units, each containing a FortiGate-ASM-FB4 module.
To configure hardware accelerated tunnel mode IPSec
1. On FortiGate_1, go to VPN > IPSec.
2. Configure Phase 1.
For tunnel mode IPSec and for hardware acceleration, specifying the Local
Gateway IP is required.
Select Advanced. In the Local Gateway IP section, select Specify and type the
VPN IP address 3.3.3.2, which is the IP address of FortiGate_2’s
FortiGate-ASM-FB4 module port 2.
3. Configure Phase 2.
If you enable the checkbox “Enable replay detection,” set
enc-offload-antireplay to enable in the CLI. For details on encryption and
decryption offloading options available in the CLI, see
4. Go to Firewall > Policy.
5. to traffic between FortiGate-ASM-FB4 module ports 1 and 2.
6. Go to Router > Static.
7. Configure a static route to route traffic destined for FortiGate_2’s protected
network to the VPN IP address of FortiGate_2’s VPN gateway, 3.3.3.2, through the
FortiGate-ASM-FB4 module’s port 2 (device).
You can also configure the static route using the following CLI commands:
config router static
    edit 2
        set device "AMC-SW1/2"
        set dst 2.2.2.0 255.255.255.0
        set gateway 3.3.3.2
    next
end
8. On FortiGate_2, go to VPN > IPSec.
9. Configure Phase 1.
For tunnel mode IPSec and for hardware acceleration, specifying the Local
Gateway IP is required.
Select Advanced. In the Local Gateway IP section, select Specify and type the
VPN IP address 3.3.3.1, which is the IP address of FortiGate_1’s
FortiGate-ASM-FB4 module port 2.
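The procedure above states two requirements for an accelerated tunnel: the Phase 1 Local Gateway IP must be specified, and Phase 2 replay detection must be paired with enc-offload-antireplay. The following check is an added example, not part of the original note or Fortinet's own tooling, that audits a saved configuration for both. It assumes the settings appear under `config system npu`, `config vpn ipsec phase1` and `config vpn ipsec phase2` with the keys `local-gw` and `replay`; the sample configuration and its entry names are constructed.

```python
# Constructed sample in FortiOS CLI style (not from the page); names are hypothetical.
SAMPLE_CONFIG = """
config system npu
    set enc-offload-antireplay disable
end
config vpn ipsec phase1
    edit "to_FGT2"
        set remote-gw 3.3.3.2
    next
end
config vpn ipsec phase2
    edit "to_FGT2_p2"
        set phase1name "to_FGT2"
        set replay enable
    next
end
"""

def parse(text):
    """Flat parse into {section: {entry: {key: value}}}; nested config blocks are not handled."""
    cfg, section, entry = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section, entry = line[7:], ""
        elif line.startswith("edit "):
            entry = line[5:].strip('"')
        elif line.startswith("set ") and section:
            key, _, value = line[4:].partition(" ")
            cfg.setdefault(section, {}).setdefault(entry, {})[key] = value.strip('"')
        elif line == "next":
            entry = ""
        elif line == "end":
            section = None
    return cfg

def audit(text):
    """Check the two requirements the procedure states for accelerated tunnel mode."""
    cfg, findings = parse(text), []
    # Requirement from the Phase 1 step: Local Gateway IP must be specified.
    for name, p1 in cfg.get("vpn ipsec phase1", {}).items():
        if "local-gw" not in p1:
            findings.append(f"phase1 {name}: local-gw not specified")
    # Requirement from the Phase 2 step: replay detection needs enc-offload-antireplay.
    antireplay = cfg.get("system npu", {}).get("", {}).get("enc-offload-antireplay")
    for name, p2 in cfg.get("vpn ipsec phase2", {}).items():
        if p2.get("replay") == "enable" and antireplay != "enable":  # explicit settings only
            findings.append(f"phase2 {name}: replay on, enc-offload-antireplay off")
    return findings
```

Calling `audit()` on the text of a saved configuration returns a list of findings, empty when both requirements are met. Settings left at their defaults and therefore absent from the file are not inferred.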