IPSec VPN
VPN spoke general configuration steps
FortiGate-50A Installation and Configuration Guide
Figure 26: Adding a VPN concentrator
A remote VPN peer that functions as a spoke requires the following configuration:
•
A tunnel (AutoIKE phase 1 and phase 2 configuration or manual key configuration)
for the hub.
•
The source address of the local VPN spoke.
•
The destination address of each remote VPN spoke.
•
A separate outbound encrypt policy for each remote VPN spoke. These policies
allow the local VPN spoke to initiate encrypted connections.
•
A single inbound encrypt policy. This policy allows the local VPN spoke to accept
encrypted connections.
To create a VPN spoke configuration
1
Configure a tunnel between the spoke and the hub.
Choose between a manual key tunnel or an AutoIKE tunnel.
•
To add a manual key tunnel, see
•
To add an AutoIKE tunnel, see
2
Add the source address. One source address is required for the local VPN spoke.
See
"Adding a source address" on page
3
Add a destination address for each remote VPN spoke. The destination address is the
address of the spoke (either a client on the Internet or a network located behind a
gateway).
See
"Adding a destination address" on page 194
"Manual key IPSec VPNs" on page
"AutoIKE IPSec VPNs" on page
194.
IPSec VPN concentrators
181.
182.
199