Tuesday, April 30, 2013

FortiGate Phase 1 / Phase 2 settings:






  Cisco router configuration (the IKE/IPsec proposals below — 3DES, SHA-1, DH group 2, pre-shared key — must match the FortiGate Phase 1/Phase 2 settings exactly, and NAT must be disabled on the FortiGate policy for this tunnel):
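! Cisco side of a site-to-site IPsec VPN to a FortiGate peer (112.115.168.123).
! Local LAN: 192.168.68.0/24 on Vlan1. Remote LAN behind the FortiGate: 192.168.44.0/24.
! WAN is a PPPoE dialer; NAT overload is applied on Dialer1 with tunnel traffic exempted.
!
! Store PPP and line passwords in obfuscated (type 7) form instead of cleartext in "show run".
! Type 7 is trivially reversible - it prevents casual disclosure, not a determined attacker;
! keep config backups access-controlled regardless.
service password-encryption
!
! Phase 1 (IKEv1). 3DES / SHA-1 / DH group 2 are weak by current standards; if the
! FortiGate supports it, move BOTH ends to AES-256 / SHA-256 / DH group 14 or higher.
! The two ends must agree on the proposal or phase 1 never completes.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
! Pre-shared key for the FortiGate peer.
! NOTE(review): the "6" keyword tells IOS the string that follows is already AES-encrypted
! (needs "key config-key password-encrypt" and "password encryption aes"); a cleartext PSK
! is entered with "0". Confirm which form this router actually holds, and prefer a long
! random PSK over a short one.
crypto isakmp key 6 95313a@3dfd address 112.115.168.123
!
! Phase 2 transform set - must match the FortiGate Phase 2 proposal (ESP 3DES / SHA-1 here).
crypto ipsec transform-set fortinet esp-3des esp-sha-hmac
!
! Crypto map: traffic matching ACL 107 (local LAN <-> remote LAN) is encrypted to the peer.
crypto map test 1 ipsec-isakmp
 set peer 112.115.168.123
 set transform-set fortinet
 match address 107
!
! Keep the config-change log but never record keys/passwords in it.
archive
 log config
  hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Physical WAN port: carries PPPoE only, no IP address of its own.
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
! Inside (LAN) interface.
interface Vlan1
 ip address 192.168.68.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
! PPPoE dialer: the outside/NAT interface and the interface the crypto map is bound to.
! MTU 1492 / MSS 1452 account for the 8-byte PPPoE header.
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname ra566831345
 ppp chap password 0 password
 ppp pap sent-username ra566831345 password 0 password
 crypto map test
!
ip forward-protocol nd
! Default route via the dialer. The explicit route for the remote LAN also points at Dialer1
! so that traffic reaches the crypto map (ACL 107) on the way out.
ip route 0.0.0.0 0.0.0.0 Dialer1 100
ip route 192.168.44.0 255.255.255.0 Dialer1
!
no ip http server
no ip http secure-server
! NAT overload for the LAN, except traffic destined for the remote LAN (see route-map nonat).
ip nat inside source route-map nonat interface Dialer1 overload
!
! ACL 106: NAT exemption - "deny" means do NOT translate LAN -> remote-LAN; everything else is NATed.
access-list 106 deny   ip 192.168.68.0 0.0.0.255 192.168.44.0 0.0.0.255
access-list 106 permit ip 192.168.68.0 0.0.0.255 any
! ACL 107: interesting traffic for the IPsec tunnel.
access-list 107 permit ip 192.168.68.0 0.0.0.255 192.168.44.0 0.0.0.255
!
! Exempt site-to-site traffic from NAT. NAT is disabled on the FortiGate's policy for this
! tunnel, so both ends must see the real private addresses.
route-map nonat permit 10
 match ip address 106
!
control-plane
!
line con 0
 no modem enable
! NOTE(review): no authentication is configured on the aux port; add "no exec" (or "login local")
! if the port is unused or physically reachable.
line aux 0
! NOTE(review): with "login local" the "password cisco" line is inert - a "username ... secret"
! entry (not shown in this listing) is what authenticates vty logins. Telnet is accepted by
! default; once an RSA key exists, add "transport input ssh" and restrict sources with "access-class".
line vty 0 4
 password cisco
 login local
!
scheduler max-task-time 5000
end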