Fortigate GRE + OSPF

In this post I demonstrate the configuration of a GRE (Generic Routing Encapsulation) tunnel, which can encapsulate a variety of other protocols. We will carry dynamic routes over this tunnel using OSPF.

Topology used to demonstrate the configuration

[Figure gre01: topology diagram]

OFFICE A

config system gre-tunnel
    edit "toFG2"
        set interface "port1"
        set local-gw 192.168.3.2
        set remote-gw 192.168.3.3
    next
end

config system interface
    edit "toFG2"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.255
        set type tunnel
        set remote-ip 10.0.0.2
        set interface "port1"
    next
end

config router ospf
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set prefix 10.0.0.0 255.255.255.252
        next
        edit 2
            set prefix 192.168.5.0 255.255.255.0
        next
    end
    set router-id 192.168.3.2
end

config firewall policy
    edit 0
        set srcintf "port3"
        set dstintf "toFG2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 0
        set srcintf "toFG2"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end

OFFICE B

config system gre-tunnel
    edit "toFG1"
        set interface "port1"
        set local-gw 192.168.3.3
        set remote-gw 192.168.3.2
    next
end

config system interface
    edit "toFG1"
        set vdom "root"
        set ip 10.0.0.2 255.255.255.255
        set type tunnel
        set remote-ip 10.0.0.1
        set interface "port1"
    next
end

config router ospf
    config area
        edit 0.0.0.0
        next
    end
    config network
        edit 1
            set prefix 10.0.0.0 255.255.255.252
        next
        edit 2
            set prefix 192.168.6.0 255.255.255.0
        next
    end
    set router-id 192.168.3.3
end

config firewall policy
    edit 0
        set srcintf "port3"
        set dstintf "toFG1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 0
        set srcintf "toFG1"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
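
Before moving on to troubleshooting, the two sides can be checked against each other offline. The script below is an added example, not part of the original post and not Fortinet tooling: it parses an excerpt of each office's configuration and verifies that each local-gw matches the peer's remote-gw and that the /32 tunnel address falls inside an OSPF network prefix. The names TEMPLATE, parse and check are hypothetical, and the sample text is constructed from the settings above.

```python
import ipaddress
import shlex

TEMPLATE = """config system gre-tunnel
edit "{name}"
set local-gw {lgw}
set remote-gw {rgw}
end
config system interface
edit "{name}"
set ip {ip} 255.255.255.255
end
config router ospf
config network
edit 1
set prefix 10.0.0.0 255.255.255.252
next
end
end"""  # constructed sample mirroring the settings on this page

def parse(text):
    """Parse FortiOS config/edit/set/next/end lines into nested dicts."""
    stack = [("config", {})]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], stack[-1][1].setdefault(" ".join(tok[1:]), {})))
        elif tok[0] == "set":
            stack[-1][1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            if tok[0] == "end" and stack[-1][0] == "edit":
                stack.pop()  # "end" inside an edit also closes that entry
            stack.pop()
    return stack[0][1]

def check(x, y):
    """Return problems in peer x's parsed config when compared with peer y's."""
    first = lambda cfg, table: next(iter(cfg[table].values()))
    problems = []
    if first(x, "system gre-tunnel")["local-gw"] != first(y, "system gre-tunnel")["remote-gw"]:
        problems.append("local-gw differs from peer remote-gw")
    ip = ipaddress.ip_address(first(x, "system interface")["ip"][0])
    nets = [ipaddress.ip_network("/".join(n["prefix"]))
            for n in x["router ospf"]["network"].values()]
    if not any(ip in n for n in nets):
        problems.append("tunnel ip not covered by an OSPF network prefix")
    return problems

A = parse(TEMPLATE.format(name="toFG2", lgw="192.168.3.2", rgw="192.168.3.3", ip="10.0.0.1"))
B = parse(TEMPLATE.format(name="toFG1", lgw="192.168.3.3", rgw="192.168.3.2", ip="10.0.0.2"))
print(check(A, B) + check(B, A) or "peer configurations are consistent")
```

An empty result in both directions means the tunnel endpoints mirror each other and OSPF will be enabled on the tunnel interface of each unit.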

Troubleshooting

OFFICE A

get router info ospf neighbor

[Figure gre02: screenshot of the command output]

get router info routing-table all

[Figure gre04: screenshot of the command output]

OFFICE B

get router info ospf neighbor

[Figure gre03: screenshot of the command output]

get router info routing-table all

[Figure gre05: screenshot of the command output]

Logging the communication between the hosts

diagnose sniffer packet any icmp

[Figure gre06: screenshot of the command output]
