Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

vpn ipsec concentrator

In a hub-and-spoke network, policy-based VPN connections to a number of remote peers radiate from a single, central FortiGate unit, or "hub". The hub functions as a concentrator on the network, managing all VPN connections between the peers, or "spokes". VPN traffic passes from one tunnel to the other through the hub. Add IPsec policy-based VPN tunnels to a VPN concentrator, allowing VPN traffic to pass from one tunnel to the other through the FortiGate unit.

Note: VPN concentrators are only available in NAT mode.

config vpn ipsec concentrator
    edit {name}
    # Concentrator configuration.
        set name {string}   Concentrator name. size[35]
        set src-check {disable | enable}   Enable to check source address of phase 2 selector. Disable to check only the destination selector.
        config member
            edit {name}
            # Names of up to 3 VPN tunnels to add to the concentrator.
                set name {string}   Member name. size[64] - datasource(s): vpn.ipsec.manualkey.name,vpn.ipsec.phase1.name
            next
    next
end

src-check {enable | disable}

Enable to check the source address of the phase 2 selector when locating the best matching phase 2 in a concentrator. Disable (by default) to check only the destination selector.

member <name> [name] [name]

Enter the names of up to three VPN tunnels to add to the concentrator, each separated by a space. Members can be tunnels defined in vpn ipsec phase1 or vpn ipsec manualkey.

vpn ipsec concentrator

In a hub-and-spoke network, policy-based VPN connections to a number of remote peers radiate from a single, central FortiGate unit, or "hub". The hub functions as a concentrator on the network, managing all VPN connections between the peers, or "spokes". VPN traffic passes from one tunnel to the other through the hub. Add IPsec policy-based VPN tunnels to a VPN concentrator, allowing VPN traffic to pass from one tunnel to the other through the FortiGate unit.

Note: VPN concentrators are only available in NAT mode.

config vpn ipsec concentrator
    edit {name}
    # Concentrator configuration.
        set name {string}   Concentrator name. size[35]
        set src-check {disable | enable}   Enable to check source address of phase 2 selector. Disable to check only the destination selector.
        config member
            edit {name}
            # Names of up to 3 VPN tunnels to add to the concentrator.
                set name {string}   Member name. size[64] - datasource(s): vpn.ipsec.manualkey.name,vpn.ipsec.phase1.name
            next
    next
end

src-check {enable | disable}

Enable to check the source address of the phase 2 selector when locating the best matching phase 2 in a concentrator. Disable (by default) to check only the destination selector.

member <name> [name] [name]

Enter the names of up to three VPN tunnels to add to the concentrator, each separated by a space. Members can be tunnels defined in vpn ipsec phase1 or vpn ipsec manualkey.