Cisco IOS IKEv2 VPN

! Crypto ACL: defines the "interesting traffic" that is protected by the tunnel.
! Source 10.220.0.0/20 (wildcard 0.0.15.255) -> destination 10.233.0.0/16 (wildcard 0.0.255.255).
! NOTE(review): the Fortinet side must carry the exact mirror image (10.233.0.0/16 -> 10.220.0.0/20);
! a traffic-selector mismatch makes the IKEv2 child SA fail. Keep this ACL narrow - never "any".
ip access-list extended cacl.azure-lab
 permit ip 10.220.0.0 0.0.15.255 10.233.0.0 0.0.255.255
exit
! IKEv2 phase 1 (IKE_SA) proposal: AES-256-CBC encryption, HMAC-SHA-256 integrity, DH group 14 (2048-bit MODP).
! No "prf" line is given; the PRF is presumably derived from the integrity algorithm - confirm with
! "show crypto ikev2 proposal". The Fortinet phase 1 settings must match these exactly.
! NOTE(review): this snippet defines no "crypto ikev2 policy" that references the proposal; on IOS a
! proposal is only used when attached to a policy, otherwise the default policy/proposal applies -
! verify with "show crypto ikev2 policy" that this proposal is actually selected.
! NOTE(review): group 14 is the acceptable minimum today; prefer group 19/20 (ECP) or 15/16 if the peer supports it.
crypto ikev2 proposal ike2a2s2g14
 encryption aes-cbc-256
 integrity sha256
 group 14
! Pre-shared key for the Azure/Fortinet peer. Mode nesting is keyring -> peer -> back to global,
! hence the two "exit" lines.
! "address <remote-ip>" carries no mask; presumably treated as a single host (/32) - confirm on the box.
! NOTE(review): the PSK is stored in the running-config. Enable type-6 (AES) key encryption first
! ("key config-key password-encrypt" + "password encryption aes") so the key is not kept in
! NVRAM or shown by "show run" in clear text. Use a long, random key - never a dictionary word.
crypto ikev2 keyring key.azure-lab
 peer forti-azure
  address <remote-ip>
  pre-shared-key <shared-key>
exit
exit
! IKEv2 phase 1 profile: which remote identity is accepted and how both sides authenticate.
crypto ikev2 profile profile.azure-lab
 ! Accept the peer only when its IKE identity is exactly <remote-ip> (host mask).
 match identity remote address <remote-ip> 255.255.255.255
 ! The FQDN match is unfortunately necessary to work around misbehaviour on the Fortinet side,
 ! which apparently sends its IKE identity as an FQDN-type ID holding the IP address string.
 match identity remote fqdn <remote-ip>
 ! Our own IKE identity is the local address, so the peer can match us the same way.
 identity local address <local-ip>
 ! Symmetric PSK authentication in both directions; the key comes from keyring key.azure-lab.
 authentication remote pre-share
 authentication local pre-share
 keyring local key.azure-lab
 ! NOTE(review): no "dpd" (dead peer detection) is configured; without it a dead peer is only
 ! noticed at SA rekey/expiry. Consider "dpd 10 3 periodic" (the Fortinet side must tolerate it).
exit
! IKEv2 crypto map entry (sequence 40) for the Azure-LAB tunnel. The name suggests the map is applied
! to interface G0/1 ("crypto map cmap.G0-1" under the interface); that line is not part of this snippet.
crypto map cmap.G0-1 40 ipsec-isakmp
 description Azure-LAB
 set peer <remote-ip>
 ! Phase 2 (IPsec SA) lifetime of 8 hours; the peer should use the same value.
 set security-association lifetime seconds 28800
 ! NOTE(review): transform set ESP-AES256-SHA256 is referenced but not defined in this snippet - it
 ! must exist (e.g. "crypto ipsec transform-set ESP-AES256-SHA256 esp-aes 256 esp-sha256-hmac")
 ! or the map entry is incomplete.
 set transform-set ESP-AES256-SHA256
 set ikev2-profile profile.azure-lab
 match address cacl.azure-lab
 ! Reverse-route injection: a static route for the remote crypto-ACL network via the peer.
 reverse-route static
 ! NOTE(review): no "set pfs" - child SA keys are then derived without a fresh DH exchange, so a
 ! compromised IKE SA exposes all child SAs. Add "set pfs group14" (and enable PFS with the same
 ! group on the Fortinet) unless interoperability forbids it.
end
! Save running-config to startup-config ("write memory").
wr