Chapter 11 IPsec VPN for FortiOS 5.0 : Protecting OSPF with IPsec : OSPF over IPsec configuration : Configuring OSPF : FortiGate_1 OSPF configuration
  
FortiGate_1 OSPF configuration
To configure FortiGate_1 for OSPF, first create the loopback interface, then configure the OSPF area, networks, and interfaces.
With the exception of creating the loopback interface, all OSPF settings in this example can be configured in either the web-based manager or the CLI.
To create the loopback interface
A loopback interface can be configured in the CLI only. For example, if the interface will have an IP address of 10.0.0.1, you would enter:
config system interface
    edit lback1
        set vdom root
        set ip 10.0.0.1 255.255.255.255
        set type loopback
end
The loopback addresses and corresponding router IDs on the two FortiGate units must be different. For example, set the FortiGate_1 loopback to 10.0.0.1 and the FortiGate_2 loopback to 10.0.0.2.
To configure OSPF area, networks, and interfaces - web-based manager
1. On FortiGate_1, go to Router > Dynamic > OSPF.
   For low-end FortiGate units, you first need to enable Dynamic Routing by going to System > Admin > Settings.
2. Enter the following information to define the router, area, and interface information.
   Router ID: Enter 10.0.0.1. Select Apply before entering the remaining information.
   Advanced Options
       Redistribute: Select the Connected and Static check boxes. Use their default metric values.
   Areas: Select Create New, enter the Area and Type and then select OK.
       Area: 0.0.0.0
       Type: Regular
   Interfaces
       Name: Enter a name for the OSPF interface, ospf_wan1 for example.
       Interface: Select the virtual IPsec interface, tunnel_wan1.
       IP: 0.0.0.0
3. For Networks, select Create New.
4. Enter the IP/Netmask of 10.1.1.0/255.255.255.0 and an Area of 0.0.0.0.
5. For Networks, select Create New.
6. Enter the IP/Netmask of 10.0.0.1/255.255.255.0 and an Area of 0.0.0.0.
7. Select Apply.
To configure OSPF area and interfaces - CLI
Your loopback interface is 10.0.0.1, your tunnel ends are on the 10.1.1.0/24 network, and your virtual IPsec interface is named tunnel_wan1. Enter the following CLI commands:
config router ospf
    set router-id 10.0.0.1
    config area
        edit 0.0.0.0
    end
    config network
        edit 4
            set prefix 10.1.1.0 255.255.255.0
        next
        edit 2
            set prefix 10.0.0.1 255.255.255.255
    end
    config ospf-interface
        edit ospf_wan1
            set cost 10
            set interface tunnel_wan1
            set network-type point-to-point
    end
    config redistribute connected
        set status enable
    end
    config redistribute static
        set status enable
    end
end
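An added example, not part of the Fortinet documentation: a Python check that parses a saved copy of the config router ospf block above and reports any OSPF interface that is not bound to the IPsec virtual interface, plus any network prefix whose address has host bits set for its mask. The function names, the wording of the findings and the tunnel_ifaces allow-list are assumptions of this example.

```python
import ipaddress
import shlex

def parse_fortios(text):
    """Parse FortiOS config/edit/set/next/end text (quoted or not) into nested dicts."""
    root = {}
    stack = [("config", root)]  # (block kind, dict being filled)
    for words in filter(None, map(shlex.split, text.splitlines())):
        kw, args = words[0], words[1:]
        if kw in ("config", "edit"):
            stack.append((kw, stack[-1][1].setdefault(" ".join(args), {})))
        elif kw == "set":
            stack[-1][1][args[0]] = " ".join(args[1:])
        elif kw == "next":
            stack.pop()  # closes the current edit entry
        elif kw == "end":  # closes the config block, and an open edit entry too
            del stack[-2 if stack[-1][0] == "edit" else -1:]
    return root

def audit_ospf(cfg, tunnel_ifaces):
    """List places where OSPF deviates from the OSPF-over-IPsec layout."""
    ospf, findings = cfg.get("router ospf", {}), []
    for ent in ospf.get("network", {}).values():
        addr, mask = ent["prefix"].split()
        try:
            ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError:  # address is not the network address for the mask
            findings.append(f"network {addr} {mask}: host bits set")
    for name, ent in ospf.get("ospf-interface", {}).items():
        if ent.get("interface") not in tunnel_ifaces:
            findings.append(f"{name}: bound to {ent.get('interface')}, not an IPsec tunnel")
    return findings

# Constructed sample: the CLI block from this page, shortened to the audited parts.
PAGE_CONFIG = """config router ospf
set router-id 10.0.0.1
config network
edit 4
set prefix 10.1.1.0 255.255.255.0
next
edit 2
set prefix 10.0.0.1 255.255.255.255
end
config ospf-interface
edit ospf_wan1
set interface tunnel_wan1
end
end"""

print(audit_ospf(parse_fortios(PAGE_CONFIG), {"tunnel_wan1"}))
```
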