Command syntax pattern, Example – Fortinet 100A User Manual

Page 273


VPN

ipsec vip

FortiGate-100A Administration Guide

01-28007-0068-20041203


For more information, see “Configuring IPSec virtual IP addresses” on page 274.

Command syntax pattern

config vpn ipsec vip
    edit <vip_integer>
        set <keyword> <variable>
end

config vpn ipsec vip
    edit <vip_integer>
        unset <keyword>
end

config vpn ipsec vip
    delete <vip_integer>
end

get vpn ipsec vip [<vip_integer>]

show vpn ipsec vip [<vip_integer>]

Example

The following commands add IPSec VIP entries for two remote hosts that can be
accessed by a FortiGate unit through an IPSec VPN tunnel on the external
interface of the FortiGate unit. Similar commands must be entered on the FortiGate
unit at the other end of the IPSec VPN tunnel.

config vpn ipsec vip
    edit 1
        set ip 192.168.12.1
        set out-interface external
    next
    edit 2
        set ip 192.168.12.2
        set out-interface external
end

Note: The interface to the destination network must be associated with a VPN tunnel through a
firewall encryption policy (action must be set to encrypt). The policy determines which VPN
tunnel will be selected to forward traffic to the destination. When you create IPSec VIP entries,
check the encryption policy on the FortiGate interface to the destination network to ensure that
it meets your requirements.

ipsec vip command keywords and variables

Keywords and variables | Description | Default | Availability
ip <address_ipv4> | The IP address of the destination host on the destination network. | 0.0.0.0 | All models.
out-interface <interface-name_str> | The name of the FortiGate interface to the destination network. | null | All models.
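
The check that the Note asks for can be scripted against saved configuration text. The following is an added example, not part of the Fortinet guide: it parses config/edit/set blocks, then flags IPSec VIP entries left at the table's defaults or whose out-interface has no encrypt policy. The "dstintf" policy keyword, the "dmz" interface name and the sample configuration are assumptions made for the illustration.

```python
# Constructed sample configuration; interface names and the policy are made up.
SAMPLE = """\
config vpn ipsec vip
    edit 1
        set ip 192.168.12.1
        set out-interface external
    next
    edit 2
        set ip 192.168.12.2
        set out-interface dmz
    next
    edit 3
end
config firewall policy
    edit 5
        set dstintf external
        set action encrypt
end
"""

def parse_config(text):
    """Return {config path: {entry id: {keyword: value}}}."""
    tables, table, entry = {}, None, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] == "config":
            table = tables.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit" and table is not None:
            entry = table.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1]] = " ".join(words[2:])
        elif words[0] in ("next", "end"):
            entry = None
    return tables

def audit_vips(text):
    """Return (vip id, problem) pairs. Assumes policies use the "dstintf" keyword."""
    cfg = parse_config(text)
    encrypt_ifs = {p.get("dstintf") for p in cfg.get("firewall policy", {}).values()
                   if p.get("action") == "encrypt"}
    findings = []
    for vid, vip in sorted(cfg.get("vpn ipsec vip", {}).items()):
        iface = vip.get("out-interface")  # default is null (unset)
        if vip.get("ip", "0.0.0.0") == "0.0.0.0":
            findings.append((vid, "ip left at default 0.0.0.0"))
        if iface is None:
            findings.append((vid, "out-interface not set"))
        elif iface not in encrypt_ifs:
            findings.append((vid, f"no encrypt policy on {iface}"))
    return findings
```

Calling audit_vips(SAMPLE) reports entry 2 (no encrypt policy on its interface) and entry 3 (both keywords left at their defaults); an empty list means every entry passed.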
