Cloudflare 中文文档
Magic WAN
Cloudflare 中文文档
Magic WAN
编辑这个页面
跳转官方原文档
Set theme to dark (⇧+D)
  1. Products
  2. Magic WAN
  3. ...
  4. ...
  5. Third-party integration
  6. Furukawa Electric FITELnet

Furukawa Electric FITELnet

This tutorial describes how to configure the Furukawa Electric’s FITELnet F220 and F70 devices to connect to Cloudflare Magic WAN via IPsec tunnels. The use cases described in this tutorial are for both east-west (branch to branch) and north-south (Internet-bound).

​​ Testing environment

These configurations were tested on FITELnet F220 and F70 series with the following firmware versions:

  • F220 series: Version 01.11(00)
  • F70 series: Version 01.09(00)

​​ IPsec configuration

​​ Magic WAN configuration

  1. Go to the Cloudflare dashboard and select your account.
  2. Go to Magic WAN > Configuration.
  3. From the Tunnels tab, select Create.
  4. For the first IPsec tunnel, ensure the following settings are defined (refer to Add tunnels for information on settings not mentioned here):
    • Tunnel name: FITEL-tunnel-1
    • Interface address: Enter 10.0.0.1/31 for your first tunnel.
    • Customer endpoint: This setting is not required unless your router is using an IKE ID of type ID_IPV4_ADDR.
    • Cloudflare endpoint: The Cloudflare Anycast IP assigned to you by your account team.
    • Pre-shared key: Create a pre-shared key for your first tunnel.
  5. For the second IPsec tunnel, make the same changes as you did for the first tunnel, and ensure these additional setting is defined:
    • Tunnel name: FITEL-tunnel-2
    • Interface address: Enter 10.0.0.3/31 for your second tunnel.
    • Customer endpoint: This setting is not required unless your router is using an IKE ID of type ID_IPV4_ADDR.
    • Cloudflare endpoint: The Cloudflare Anycast IP assigned to you by your account team.
    • Pre-shared key: Create a pre-shared key for your second tunnel.

​​ FITELnet router configuration

​​ Router 1 settings

Use the CLI to configure these settings:

​​ Router 2 settings

Use the CLI to configure these settings:

​​ Static route configuration

To configure routes for east-west (branch to branch) connections, refer to the following settings.

​​ Magic WAN

  1. Go to the Cloudflare dashboard and select your account.
  2. Go to Magic WAN > Configuration.
  3. From the Static Routes tab, select Create.
  4. For the first route, ensure the following settings are defined (refer to Configure static routes to learn about settings not mentioned here):
  • Prefix: 192.168.0.0/24
  • Tunnel/Next hop: FITEL-tunnel-1 / 10.0.0.0
  1. For the second route, ensure the following settings are defined:
  • Prefix: 192.168.1.0/24
  • Tunnel/Next hop: FITEL-tunnel-2 / 10.0.0.2

​​ FITELnet router configuration

​​ Router 1

Use the CLI to configure these settings:

​​ Router 2

Use the CLI to configure these settings:

​​ Connection test

​​ IPsec status

In the FITELnet router CLI, you can run show crypto sa to check the status of the IPsec security associations (SAs). Total number of ISAKMP/IPSEC SA shows the number of established SAs.

​​ Route Status

In the FITELnet router CLI, you can run show ip route to check the route information. A * in the route information indicates that the route information is valid.