Filter
Top Products
VPN ipsec vip
FortiGate-100A Administration Guide 01-28007-0068-20041203 273
For more information, see “Configuring IPSec virtual IP addresses” on page 274.
Command syntax pattern
config vpn ipsec vip
edit <vip_integer>
set <keyword> <variable>
end
config vpn ipsec vip
edit <vip_integer>
unset <keyword>
end
config vpn ipsec vip
delete <vip_integer>
end
get vpn ipsec vip [<vip_integer>]
show vpn ipsec vip [<vip_integer>]
Example
The following commands add IPSec VIP entries for two remote hosts that can be
accessed by a FortiGate unit through an IPSec VPN tunnel on the external
interface of the FortiGate unit. Similar commands must be entered on the FortiGate
unit at the other end of the IPSec VPN tunnel.
config vpn ipsec vip
edit 1
set ip 192.168.12.1
set out-interface external
next
edit 2
set ip 192.168.12.2
set out-interface external
end
Note: The interface to the destination network must be associated with a VPN tunnel through a
firewall encryption policy (action must be set to encrypt). The policy determines which VPN
tunnel will be selected to forward traffic to the destination. When you create IPSec VIP entries,
check the encryption policy on the FortiGate interface to the destination network to ensure that
it meets your requirements.
ipsec vip command keywords and variables
Keywords and variables Description Default Availability
ip <address_ipv4> The IP address of the destination
host on the destination network.
0.0.0.0 All models.
out-interface
<interface-name_str>
The name of the FortiGate interface
to the destination network.
null All models.