14 How to Configure ADVPN with OSPF as the routing protocol




1- Configure FortiGate to Internet

2- Configure LAN to Internet in FortiGate

3- Configure VLAN with Cisco switch

HQ_Hub

Configure FortiGate HQ_Hub to Internet

Configure Lan and Vlan for

Configure router static

Configure vpn ipsec phase1-interface

Configure vpn ipsec phase2-interface

configure firewall policy

Configure OSPF

Configure the HQ_hub FortiGate:

Configure the hub FortiGate IPsec phase1-interface and phase2-interface:

config vpn ipsec phase1-interface
    edit "advpn-hub"
        set type dynamic
        set interface "port1"
        set peertype any
        set net-device enable
        set proposal des-md5 des-sha1 des-sha256 des-sha384 des-sha512
        set add-route disable
        set dpd on-idle
        set auto-discovery-sender enable
        set psksecret 123456
        set dpd-retryinterval 5
    next
end

config vpn ipsec phase2-interface
    edit "advpn-hub"
        set phase1name "advpn-hub"
        set proposal des-md5 des-sha1 des-sha256 des-sha384 des-sha512
    next
end

Configure the hub FortiGate's IPsec tunnel interface IP address:

Network → Interface → advpn-hub → Edit


Configure the spoke1 FortiGate's IPsec phase1-interface and phase2-interface:

Configure Spoke1 (remote-gw is the WAN IP of the hub):

config vpn ipsec phase1-interface
    edit "spoke1"
        set interface "port1"
        set peertype any
        set net-device enable
        set proposal des-md5 des-sha1 des-sha256 des-sha384 des-sha512
        set add-route disable
        set dpd on-idle
        set auto-discovery-receiver enable
        set remote-gw 192.168.37.10
        set psksecret 123456
        set dpd-retryinterval 5
    next
end

config vpn ipsec phase2-interface
    edit "spoke1"
        set phase1name "spoke1"
        set proposal des-md5 des-sha1 des-sha256 des-sha384 des-sha512
        set auto-negotiate enable
    next
end

Verify Command

VPN → IPsec Tunnels → Spoke1 → Edit



Configure the spoke1 FortiGate's IPsec tunnel interface IP address:

Network → Interface → spoke1 → Edit


Configure the hub FortiGate firewall policy:

Policy & Object → Firewall Policy → Create New

Then create one more policy with Clone Reverse.


 

Configure the Spoke1 FortiGate firewall policy:

Policy & Object → Firewall Policy → Create New

Then create one more policy with Clone Reverse.


 

Configure the HQ_hub FortiGate's OSPF

Network → OSPF





Apply

Configure the Spoke1 FortiGate's OSPF

Network → OSPF



Apply

OSPF is now working between HQ_Hub and Spoke1.


Configure the spoke2 FortiGate's IPsec phase1-interface and phase2-interface:

Configure Spoke2 (remote-gw is the WAN IP of the hub):

config vpn ipsec phase1-interface
    edit "spoke2"
        set interface "port1"
        set peertype any
        set net-device enable
        set proposal des-md5 des-sha1 des-sha256 des-sha384 des-sha512
        set add-route disable
        set dpd on-idle
        set auto-discovery-receiver enable
        set remote-gw 192.168.37.10
        set psksecret 123456
        set dpd-retryinterval 5
    next
end

config vpn ipsec phase2-interface
    edit "spoke2"
        set phase1name "spoke2"
        set proposal des-md5 des-sha1 des-sha256 des-sha384 des-sha512
        set auto-negotiate enable
    next
end
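The hub and spoke phase1/phase2 blocks above offer only single-DES proposals and share the pre-shared key 123456, which reproduces the lab but is weak on a real WAN link. As an added example (not part of the original post), the same tunnels with AES-256/SHA-256 and DH group 14 on both sides. `<long-random-psk>` is a placeholder, and the spoke block is reused for spoke2 with the names changed.

```fortios
# Hub (HQ_Hub). Added example; <long-random-psk> is a placeholder.
config vpn ipsec phase1-interface
    edit "advpn-hub"
        set type dynamic
        set interface "port1"
        set peertype any
        set net-device enable
        # AES-256 with SHA-256 replaces the DES/MD5/SHA-1 proposal list
        set proposal aes256-sha256
        set dhgrp 14
        set add-route disable
        set dpd on-idle
        set auto-discovery-sender enable
        set psksecret <long-random-psk>
        set dpd-retryinterval 5
    next
end
config vpn ipsec phase2-interface
    edit "advpn-hub"
        set phase1name "advpn-hub"
        set proposal aes256-sha256
        set dhgrp 14
    next
end
# Spoke1 (for Spoke2 change the edit name and phase1name to "spoke2")
config vpn ipsec phase1-interface
    edit "spoke1"
        set interface "port1"
        set peertype any
        set net-device enable
        # Proposal, DH group and PSK must match the hub
        set proposal aes256-sha256
        set dhgrp 14
        set add-route disable
        set dpd on-idle
        set auto-discovery-receiver enable
        set remote-gw 192.168.37.10
        set psksecret <long-random-psk>
        set dpd-retryinterval 5
    next
end
config vpn ipsec phase2-interface
    edit "spoke1"
        set phase1name "spoke1"
        set proposal aes256-sha256
        set dhgrp 14
        set auto-negotiate enable
    next
end
```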

Verify Command

VPN → IPsec Tunnels → Spoke2 → Edit


 

Configure the spoke2 FortiGate's IPsec tunnel interface IP address:

Network → Interface → spoke2 → Edit


Configure the Spoke2 FortiGate firewall policy:

Policy & Object → Firewall Policy → Create New

Allow HQ_in


Ok

Allow_HQ_Out

For the second rule we used Clone.

Configure the Spoke2 FortiGate's OSPF

Network → OSPF

Apply

Monitor OSPF


Allow Spoke1 to access Spoke2 via Policy & Object, using the VPN interface on the hub.

Spoke1 and Spoke2 can now communicate with each other.

