vpn ipsec concentrator
In a hub-and-spoke network, policy-based VPN connections to a number of remote peers radiate from a single, central FortiGate unit, or "hub". The hub functions as a concentrator on the network, managing all VPN connections between the peers, or "spokes". VPN traffic passes from one tunnel to the other through the hub. Add IPsec policy-based VPN tunnels to a VPN concentrator, allowing VPN traffic to pass from one tunnel to the other through the FortiGate unit.
Note: VPN concentrators are only available in NAT mode.
config vpn ipsec concentrator edit {name} # Concentrator configuration. set name {string} Concentrator name. size[35] set src-check {disable | enable} Enable to check source address of phase 2 selector. Disable to check only the destination selector. config member edit {name} # Names of up to 3 VPN tunnels to add to the concentrator. set name {string} Member name. size[64] - datasource(s): vpn.ipsec.manualkey.name,vpn.ipsec.phase1.name next next end
src-check {enable | disable}
Enable to check the source address of the phase 2 selector when locating the best matching phase 2 in a concentrator. Disable (by default) to check only the destination selector.
member <name> [name] [name]
Enter the names of up to three VPN tunnels to add to the concentrator, each separated by a space. Members can be tunnels defined in vpn ipsec phase1
or vpn ipsec manualkey
.