Adding A Vpn Concentrator - Fortinet FortiGate 50A Installation And Configuration Manual

IPSec VPN concentrators

Adding a VPN concentrator

198
4 Add an encrypt policy for each spoke. Encrypt policies control the direction of traffic
through the hub and allow inbound and outbound VPN connections between the hub
and the spokes. The encrypt policy for each spoke must include the tunnel name of
the spoke. The source address must be Internal_All. Use the following configuration
for the encrypt policies:
Source Internal_All
Destination The VPN spoke address.
Action ENCRYPT
VPN Tunnel The VPN spoke tunnel name.
Allow inbound Select allow inbound.
Allow outbound Select allow outbound
Inbound NAT Select inbound NAT if required.
Outbound NAT Select outbound NAT if required.
See "Adding an encrypt policy" on page
5 Arrange the policies in the following order:
• encrypt policies
• default non-encrypt policy (Internal_All -> External_All)
To add a VPN concentrator configuration
1 Go to VPN > IPSec > Concentrator.
2 Select New to add a VPN concentrator.
3 Enter the name of the new concentrator in the Concentrator Name field.
4 To add tunnels to the VPN concentrator, select a VPN tunnel from the Available
Tunnels list and select the right arrow.
5 To remove tunnels from the VPN concentrator, select the tunnel in the Members list
and select the left arrow.
6 Select OK to add the VPN concentrator.
195.
IPSec VPN
Fortinet Inc.