config vpn ipsec phase2-interfaceConfigure corresponding IPv6 IP on the IPsec VPN interface to allow dynamic routing on IPv6 as follows:
edit "IPv6"
set phase1name "FGT-1000D"
set src-addr-type subnet6
set dst-addr-type subnet6
next
end
config system interface
edit "FGT-1000D"
config ipv6
set ip6-address 101:101:101::66/64
set ip6-allowaccess ping
end
next
end
config router bgp
set as 65001
set router-id 66.66.66.66
config neighbor
edit "101:101:101::182"
set activate disable <-- This is important if there is dual-stack BGPv4 and BGPv6.
set remote-as 65182
next
end
config network6
edit 1
set prefix6 2403:2c00:ffff::/64
next
end
end
config vpn ipsec phase2-interface
edit "IPv6"
set phase1name "FGTKVM-66"
set src-addr-type subnet6
set dst-addr-type subnet6
next
end
config system interface
edit "FGTKVM-66"
config ipv6
set ip6-address 101:101:101::182/64
set ip6-allowaccess ping
end
next
end
config router bgp
set as 65182
set router-id 10.47.0.182
config neighbor
edit "101:101:101::66"
set activate disable
set remote-as 65001
next
end
config network6
edit 1
set prefix6 2403:2c00:fffe::/64
next
end
end
FGT-kvm # get router info6 bgp networkNote:
BGP table version is 2, local router ID is 66.66.66.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 2403:2c00:fffe::/64
::ffff:ac11:64b6 0 0 65182 I <-- (1)
*> 101:101:101::182 0 0 65182 I <-- (2)
*> 2403:2c00:ffff::/64
100 32768 i
Total number of prefixes 2
FGT-kvm # get router info6 routing-table bgp
IPv6 Routing Table
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
I - IS-IS, B - BGP
* - candidate default
Timers: Uptime
B 2403:2c00:fffe::/64 [20/0] via 101:101:101::182, FGT-1000D, 1d02h40m
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.