設定GRE在Fortigate 比較繁瑣,以下是設定步驟
1. 架構圖
2. FGT建立GRE
3. FGT設定Interface
4. FGT建立路由
5. FGT建立Policy
6. Cisco Router建立GRE
7. Cisco Router建立路由
1. 架構圖
2. FGT建立GRE
Fortigate 建立GRE只能從CLI 上設定
#config system gre-tunnel
相對於Cisco Router Tunnel name (Tunnel interface number)
(gre-tunnel) # edit GRE-To-Hukou
Interface WAN
(GRE-To-Hukou) # set interface "internal"
相對於Cisco Router Tunnel Destination
(GRE-To-Hukou) # set remote-gw 22.133.34.19
相對於Cisco Router Tunnel Source
(GRE-To-Hukou) # set local-gw 124.19.117.24
3. FGT設定Interface
#config system interface
(interface) # edit GRE-To-Hukou
(GRE-To-Hukou) # set vdom "root"
Tunnel Interface IP mask 一定要使用255.255.255.255
(GRE-To-Hukou) # set ip 192.168.254.1 255.255.255.255
(GRE-To-Hukou) # set allowaccess ping
(GRE-To-Hukou) # set type tunnel
(GRE-To-Hukou) # set remote-ip 192.168.254.2
(GRE-To-Hukou) # set interface "internal"
4. FGT建立路由
Router → Static → Static Routes
5. FGT建立Policy
LAN-to-GRE Policy
6. Cisco Router建立GRE
#show run int tu1
interface Tunnel1 description Cisco-Fortigate ip address 192.168.254.2 255.255.255.252 tunnel source 22.133.34.19 tunnel destination 124.19.117.24 end
7. Cisco Router建立路由
(config)#ip route 172.27.28.0 255.255.255.0 Tunnel1
Facebook Comments