Building a GRE Tunnel Between a FortiGate and a Cisco Router

Configuring GRE on a FortiGate is somewhat tedious. The configuration steps are as follows.

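1. Architecture diagram
2. Create the GRE tunnel on the FGT
3. Configure the interface on the FGT
4. Create the route on the FGT
5. Create the policies on the FGT
6. Create the GRE tunnel on the Cisco router
7. Create the route on the Cisco router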

1. Architecture diagram

2. Create the GRE tunnel on the FGT
On a FortiGate, a GRE tunnel can only be created from the CLI.

#config system gre-tunnel 

Corresponds to the tunnel name (tunnel interface number) on the Cisco router

(gre-tunnel) # edit GRE-To-Hukou

Interface WAN

(GRE-To-Hukou) # set interface "internal"

Corresponds to the tunnel destination on the Cisco router

(GRE-To-Hukou) # set remote-gw 22.133.34.19

Corresponds to the tunnel source on the Cisco router

(GRE-To-Hukou) # set local-gw 124.19.117.24

3. Configure the interface on the FGT

#config system interface
(interface) #  edit GRE-To-Hukou
(GRE-To-Hukou) # set vdom "root"

The tunnel interface IP mask must be 255.255.255.255

(GRE-To-Hukou) # set ip 192.168.254.1 255.255.255.255
(GRE-To-Hukou) # set allowaccess ping
(GRE-To-Hukou) # set type tunnel
(GRE-To-Hukou) # set remote-ip 192.168.254.2
(GRE-To-Hukou) # set interface "internal"

4. Create the route on the FGT
Router → Static → Static Routes 

5. Create the policies on the FGT
LAN-to-GRE Policy

GRE-to-LAN Policy

6. Create the GRE tunnel on the Cisco router

#show run int tu1
interface Tunnel1
 description Cisco-Fortigate
 ip address 192.168.254.2 255.255.255.252
 tunnel source 22.133.34.19
 tunnel destination 124.19.117.24
end

7. Create the route on the Cisco router

(config)#ip route 172.27.28.0 255.255.255.0 Tunnel1
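
The two ends only form a tunnel when their settings mirror each other: the FortiGate remote-gw must be the Cisco tunnel source, the local-gw must be the Cisco tunnel destination, and the tunnel IPs must pair up. The following check is an added example, not part of the original post; the function names grab and check_gre_pair are this example's own, and the embedded settings are copied from the steps above with the CLI prompts removed.

```python
import ipaddress
import re

# Values copied from this page (prompts removed); function names are this example's own.
FGT_CONFIG = """
config system gre-tunnel
edit GRE-To-Hukou
set remote-gw 22.133.34.19
set local-gw 124.19.117.24
config system interface
edit GRE-To-Hukou
set ip 192.168.254.1 255.255.255.255
set remote-ip 192.168.254.2
"""
CISCO_CONFIG = """
interface Tunnel1
 ip address 192.168.254.2 255.255.255.252
 tunnel source 22.133.34.19
 tunnel destination 124.19.117.24
"""

def grab(text, keyword):
    """Return the arguments that follow `keyword` (optionally after 'set '), or None."""
    m = re.search(rf"^\s*(?:set )?{re.escape(keyword)}\s+(.+)$", text, re.M)
    return m.group(1).split() if m else None

def check_gre_pair(fgt, cisco):
    """Return a list of mismatches between the two ends (empty list = consistent)."""
    need = [(fgt, k) for k in ("remote-gw", "local-gw", "ip", "remote-ip")]
    need += [(cisco, k) for k in ("tunnel source", "tunnel destination", "ip address")]
    v = {k: grab(text, k) for text, k in need}
    missing = [k for k, val in v.items() if val is None]
    if missing:
        return [f"missing setting: {k}" for k in missing]
    problems = []
    if v["remote-gw"][0] != v["tunnel source"][0]:
        problems.append("FGT remote-gw != Cisco tunnel source")
    if v["local-gw"][0] != v["tunnel destination"][0]:
        problems.append("FGT local-gw != Cisco tunnel destination")
    cisco_if = ipaddress.ip_interface("/".join(v["ip address"][:2]))
    if v["remote-ip"][0] != str(cisco_if.ip):
        problems.append("FGT remote-ip != Cisco tunnel IP")
    if ipaddress.ip_address(v["ip"][0]) not in cisco_if.network:
        problems.append("FGT tunnel IP outside the Cisco tunnel subnet")
    if v["ip"][1:] != ["255.255.255.255"]:
        problems.append("FGT tunnel IP mask is not 255.255.255.255")
    return problems

if __name__ == "__main__":
    print(check_gre_pair(FGT_CONFIG, CISCO_CONFIG) or "both ends are consistent")
```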