Configuration process:
1. Create a tunnel interface (Prefer on untrust zone).
2. Create an IKE gateway (Phase 1)
3. Create an AutoKey IKE (Phase 2)
4. Configure routing (Tunnel interface as the gateway)
5. Create a policy (If tunnel interface and source address are not on the same zone)
Troubleshooting:
FW-> ping <destination interface IP> from <source interface>
FW-> get route ip <destination interface IP>
FW-> get ike cookie
FW-> get sa active
No comments:
Post a Comment