FortiGate_2 OSPF configuration
To configure FortiGate_2 for OSPF, you first create the loopback interface and then configure the OSPF area, networks, and interfaces.
Configuring FortiGate_2 differs from FortiGate_1 in that three interfaces are defined instead of two. The third interface is the local LAN that will be advertised into OSPF.
Except for creating the loopback interface, all of the OSPF configuration in this example can be done in either the web-based manager or the CLI.
To create the loopback interface
A loopback interface can be configured in the CLI only. For example, if the interface will have an IP address of 10.0.0.2, you would enter:
config system interface
    edit lback1
        set vdom root
        set ip 10.0.0.2 255.255.255.255
        set type loopback
end
The loopback addresses on the two FortiGate units must be different. For example, set the FortiGate_1 loopback to 10.0.0.1 and the FortiGate_2 loopback to 10.0.0.2.
To configure OSPF area and interfaces - web-based manager
1. On FortiGate_2, go to Router > Dynamic > OSPF.
For low-end FortiGate units, you first need to enable Dynamic Routing by going to System > Admin > Settings.
2. Complete the following.
Router ID: 10.0.0.2
Areas: Select Create New, enter the Area and Type and then select OK.
    Area: 0.0.0.0
    Type: Regular
Interfaces
    Name: Enter a name for the OSPF interface, ospf_wan1 for example.
    Interface: Select the virtual IPsec interface, tunnel_wan1.
    IP: 0.0.0.0
3. For Networks, select Create New.
4. Enter the following information for the loopback interface:
    IP/Netmask: 10.0.0.2/255.255.255.255
    Area: 0.0.0.0
5. For Networks, select Create New.
6. Enter the following information for the tunnel interface:
    IP/Netmask: 10.1.1.0/255.255.255.255
    Area: 0.0.0.0
7. For Networks, select Create New.
8. Enter the following information for the local LAN interface:
    IP/Netmask: 10.31.101.0/255.255.255.255
    Area: 0.0.0.0
9. Select Apply.
To configure OSPF area and interfaces - CLI
If, for example, your loopback interface is 10.0.0.2, your tunnel ends are on the 10.1.1.0/24 network, your local LAN is 10.31.101.0/24, and your virtual IPsec interface is named tunnel_wan1, you would enter:
config router ospf
    set router-id 10.0.0.2
    config area
        edit 0.0.0.0
    end
    config network
        edit 1
            set prefix 10.1.1.0 255.255.255.0
        next
        edit 2
            set prefix 10.31.101.0 255.255.255.0
        next
        edit 3
            set prefix 10.0.0.2 255.255.255.255
    end
    config ospf-interface
        edit ospf_wan1
            set interface tunnel_wan1
            set network-type point-to-point
    end
end
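In the FortiOS CLI, `edit <id>` on an ID that already exists in a table re-opens that entry, so reusing an ID under `config network` replaces the earlier prefix instead of adding a new one. The following check is an added example, not part of the Fortinet documentation: it parses the `config network` table of an OSPF block, reports reused IDs, and lists expected prefixes that end up missing. The function names and both sample configurations are constructed for illustration.

```python
import ipaddress
import re

def ospf_networks(cli_text):
    """Return ({id: network}, [reused ids]) for the 'config network' table."""
    prefixes, reused, seen = {}, [], set()
    in_table, current = False, None
    for raw in cli_text.splitlines():
        line = raw.strip()
        if line == "config network":
            in_table = True
        elif in_table and line == "end":
            break  # end of the network table
        elif in_table and (m := re.fullmatch(r"edit (\d+)", line)):
            current = int(m.group(1))
            if current in seen:
                reused.append(current)  # later 'set prefix' overwrites this entry
            seen.add(current)
        elif in_table and (m := re.fullmatch(r"set prefix (\S+) (\S+)", line)):
            # strict=True raises ValueError if host bits are set under the mask
            prefixes[current] = ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=True)
    return prefixes, reused

def missing_prefixes(cli_text, expected):
    """Return (expected prefixes not in the final table, reused ids)."""
    prefixes, reused = ospf_networks(cli_text)
    advertised = set(prefixes.values())
    missing = [e for e in expected if ipaddress.ip_network(e) not in advertised]
    return missing, reused

# Constructed sample input: the same block with the third entry's ID varied.
TEMPLATE = """config router ospf
set router-id 10.0.0.2
config network
edit 1
set prefix 10.1.1.0 255.255.255.0
next
edit 2
set prefix 10.31.101.0 255.255.255.0
next
edit {third_id}
set prefix 10.0.0.2 255.255.255.255
end
end"""
REUSED_ID = TEMPLATE.format(third_id=2)   # third entry reuses ID 2
UNIQUE_IDS = TEMPLATE.format(third_id=3)  # every entry has its own ID
EXPECTED = ["10.0.0.2/32", "10.1.1.0/24", "10.31.101.0/24"]

if __name__ == "__main__":
    print(missing_prefixes(REUSED_ID, EXPECTED))
    print(missing_prefixes(UNIQUE_IDS, EXPECTED))
```

With the reused ID, the local LAN prefix 10.31.101.0/24 is reported missing because the loopback prefix overwrote it.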