15 August 2015

Fortigate with Cisco Using OSPF

Let's make the FortiGate talk with a Cisco router using OSPF (with MD5 authentication). Very easy to do.

[+] The config on the FortiGate unit:

FortiGate # show system interface
config system interface
    edit "port2"
        set vdom "root"
        set ip 172.16.1.10 255.255.255.0
        set allowaccess ping ssh http
        set type physical
        set alias "inside"
        set snmp-index 2
    next

FortiGate # show router ospf
config router ospf
        config area
            edit 0.0.0.0
                set authentication md5
            next
        end
        config network
            edit 1
                set prefix 172.16.1.0 255.255.255.0
            next
        end
        config ospf-interface
            edit "inside-interface"
                set authentication md5
                set dead-interval 40
                set hello-interval 10
                set interface "port2"
                set ip 172.16.1.10
                set md5-key 1 "ENC rW7xZ/DXfkx3kE0M5nh2nKNQAvg8"
            next
        end
        config redistribute "connected"
        end
        config redistribute "static"
        end
    set router-id 172.16.1.100
end

FortiGate # get router info routing-table ospf
O       100.0.0.1/32 [110/2] via 172.16.1.20, port2, 00:02:12

[*] A DHCP server config, just for fun :]

FortiGate# show system dhcp server
config system dhcp server
    edit 1
        set default-gateway 172.16.1.10
        set dns-service default
        set interface "port2"
            config ip-range
                edit 1
                    set end-ip 172.16.1.30
                    set start-ip 172.16.1.20
                next
            end
        set netmask 255.255.255.0
    next
end

[+] The config of the Cisco router:

R1# sh run | s router ospf
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

R1# sh run int f0/0      
Current configuration : 154 bytes
!
interface FastEthernet0/0
 ip address dhcp
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
 duplex auto
 speed auto
end

[-] Why not see what's happening?

R1# debug ip ospf adj  
OSPF adjacency events debugging is on
*Mar  1 00:14:15.863: OSPF: 2 Way Communication to 172.16.1.100 on FastEthernet0/0, state 2WAY
*Mar  1 00:14:15.863: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 00:14:15.867: OSPF: DR/BDR election on FastEthernet0/0 
*Mar  1 00:14:15.867: OSPF: Elect BDR 0.0.0.0
*Mar  1 00:14:15.867: OSPF: Elect DR 172.16.1.100
*Mar  1 00:14:15.867: OSPF: Elect BDR 172.16.1.20
*Mar  1 00:14:15.867: OSPF: Elect DR 172.16.1.100
*Mar  1 00:14:15.867:        DR: 172.16.1.100 (Id)   BDR: 172.16.1.20 (Id)
*Mar  1 00:14:15.871: OSPF: Send DBD to 172.16.1.100 on FastEthernet0/0 seq 0x1C12 opt 0x52 flag 0x7 len 32
*Mar  1 00:14:15.871: OSPF: Send with youngest Key 1
R1#
*Mar  1 00:14:15.871: OSPF: Set FastEthernet0/0 flush timer
*Mar  1 00:14:15.871: OSPF: Remember old DR 172.16.1.20 (id)
*Mar  1 00:14:15.875: OSPF: Neighbor change Event on interface FastEthernet0/0
*Mar  1 00:14:15.875: OSPF: DR/BDR election on FastEthernet0/0 
*Mar  1 00:14:15.879: OSPF: Elect BDR 172.16.1.20
*Mar  1 00:14:15.879: OSPF: Elect DR 172.16.1.100
*Mar  1 00:14:15.879:        DR: 172.16.1.100 (Id)   BDR: 172.16.1.20 (Id)
*Mar  1 00:14:16.375: OSPF: Reset old DR on FastEthernet0/0
R1#
*Mar  1 00:14:20.871: OSPF: Send DBD to 172.16.1.100 on FastEthernet0/0 seq 0x1C12 opt 0x52 flag 0x7 len 32
*Mar  1 00:14:20.871: OSPF: Send with youngest Key 1
*Mar  1 00:14:20.871: OSPF: Retransmitting DBD to 172.16.1.100 on FastEthernet0/0 [1]
R1#
*Mar  1 00:14:23.931: OSPF: Send with youngest Key 1
*Mar  1 00:14:23.951: OSPF: Rcv DBD from 172.16.1.100 on FastEthernet0/0 seq 0x1997 opt 0x42 flag 0x7 len 32  mtu 1500 state EXSTART
*Mar  1 00:14:23.951: OSPF: NBR Negotiation Done. We are the SLAVE
*Mar  1 00:14:23.955: OSPF: Send DBD to 172.16.1.100 on FastEthernet0/0 seq 0x1997 opt 0x52 flag 0x2 len 52
*Mar  1 00:14:23.955: OSPF: Send with youngest Key 1
*Mar  1 00:14:23.995: OSPF: Rcv DBD from 172.16.1.100 on FastEthernet0/0 seq 0x1998 opt 0x42 flag 0x3 len 52  mtu 1500 state EXCHANGE
*Mar  1 00:14:23.999: OSPF: Send DBD to 172.16.1.100 on FastEthernet0/0 seq 0x1998 opt 0x52 flag 0x0 len 32
*Mar  1 00:14:23.999: OSPF: Send with youngest Key 1
*Mar  1 00:14:23.999: OSPF: Database request to 172.16.1.100 
*Mar  1 00:14:23.999: OSPF: Send with youngest Key 1
*Mar  1 00:14:24.003: OSPF: sent LS REQ packet to 172.16.1.10, length 12
*Mar  1 00:14:24.035: OSPF: Rcv DBD from 172.16.1.100 on FastEthernet0/0 seq 0x1999 opt 0x42 flag 0x1 len 32  mtu 1500 state EXCHANGE
*Mar  1 00:14:24.039: OSPF: Exchange Done with 172.16.1.100 on FastEthernet0/0
*Mar  1 00:14:24.039: OSPF: Send DBD to 172.16.1.100 on FastEthernet0/0 seq 0x1999 opt 0x52 flag 0x0 len 32
*Mar  1 00:14:24.039: OSPF: Send with youngest Key 1
*Mar  1 00:14:24.039: OSPF: Synchronized with 172.16.1.100 on FastEthernet0/0, state FULL
*Mar  1 00:14:24.043: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.1.100 on FastEthernet0/0 from LOADING to FULL, Loading Done
*Mar  1 00:14:24.079: OSPF: Send with youngest Key 1
*Mar  1 00:14:24.543: OSPF: Send with youngest Key 1
*Mar  1 00:14:24.543: OSPF: Build router LSA for area 0, router ID 172.16.1.20, seq 0x80000002

R1# sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
172.16.1.100      1   FULL/DR         00:00:38    172.16.1.10     FastEthernet0/0
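As an added example (not part of the original post), here is the receiver-side check for the MD5 authentication both boxes are configured with above: RFC 2328 Appendix D appends MD5(packet || key zero-padded to 16 octets) after the OSPF packet, selected by the Key ID the debug reports as "youngest Key 1". The key text "cisco" comes from the Cisco config; the FortiGate side is stored encrypted, so it is assumed to be the same string, and the sequence number and Hello contents are constructed.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_CRYPTO = 2   # OSPF AuType 2 = cryptographic authentication
DIGEST_LEN = 16     # MD5 digest length; also the Auth Data Len field value
KEY_LEN = 16        # key text is zero-padded to 16 octets before hashing


def ospf_header(ptype, length, router_id, area_id, key_id, seq):
    """24-byte OSPFv2 header with AuType 2. Checksum is 0: not used with MD5 auth."""
    fixed = struct.pack("!BBH4s4sHH", 2, ptype, length, socket.inet_aton(router_id),
                        socket.inet_aton(area_id), 0, AUTYPE_CRYPTO)
    # Authentication field: 2 reserved zero bytes, Key ID, Auth Data Len, crypto sequence number
    return fixed + struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)


def md5_digest(packet, key):
    """digest = MD5(packet || key) with the key zero-padded to 16 octets (RFC 2328 D.4.3)."""
    padded = key.encode()[:KEY_LEN].ljust(KEY_LEN, b"\x00")
    return hashlib.md5(packet + padded).digest()


def build_signed_hello(key_id, key, seq):
    """Constructed Hello matching the post's settings: /24 mask, hello 10, dead 40,
    DR 172.16.1.10 (router-id 172.16.1.100), BDR 172.16.1.20, options 0x42 as in the debug."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10, 0x42, 1, 40,
                       socket.inet_aton("172.16.1.10"), socket.inet_aton("172.16.1.20"))
    packet = ospf_header(1, 24 + len(body), "172.16.1.100", "0.0.0.0", key_id, seq) + body
    return packet + md5_digest(packet, key)   # digest rides after the packet, outside 'length'


def verify(wire, keys, last_seq=None):
    """Receiver check: AuType, trailer geometry, Key ID lookup, digest, and replay
    (sequence number must not go backwards). Returns (ok, key_id, seq)."""
    if len(wire) < 24 + DIGEST_LEN:
        return False, None, None
    pkt_len = struct.unpack("!H", wire[2:4])[0]
    autype = struct.unpack("!H", wire[14:16])[0]
    key_id, auth_len, seq = struct.unpack("!xxBBI", wire[16:24])
    if autype != AUTYPE_CRYPTO or auth_len != DIGEST_LEN or len(wire) != pkt_len + DIGEST_LEN:
        return False, key_id, seq
    if key_id not in keys or (last_seq is not None and seq < last_seq):
        return False, key_id, seq
    expected = md5_digest(wire[:pkt_len], keys[key_id])
    return hmac.compare_digest(expected, wire[pkt_len:]), key_id, seq
```

Note that this scheme is a keyed hash, not an HMAC, and the checksum field is ignored; a mismatched key string or Key ID on either side shows up as a silently dropped packet and an adjacency stuck short of FULL.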

biOos