IPSec VPN Concentrator
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 625
http://docs.fortinet.com/ • Feedback
2 Select Create New and enter the following information.
3 Configure other settings as required.
4 Select OK.
Concentrator
In a hub-and-spoke configuration, policy-based VPN connections to a number of remote
peers radiate from a single, central FortiGate unit. Site-to-site connections between the
remote peers do not exist; however, You can establish VPN tunnels between any two of
the remote peers through the FortiGate unit “hub”.
In a hub-and-spoke network, all VPN tunnels terminate at the hub. The peers that connect
to the hub are known as “spokes”. The hub functions as a concentrator on the network,
managing all VPN connections between the spokes. VPN traffic passes from one tunnel to
the other through the hub.
You define a concentrator to include spokes in the hub-and-spoke configuration.
To define a concentrator, go to VPN > IPSEC > Concentrator. For detailed information and
step-by-step procedures about how to set up a hub-and-spoke configuration, see the
FortiGate IPSec VPN User Guide.
Figure 384: Concentrator list
Defining concentrator options
A concentrator configuration specifies which spokes to include in an IPSec hub-and-spoke
configuration.
To specify the spokes of an IPSec hub-and-spoke configuration, go to VPN > IPSEC >
Concentrator and select Create New.
Source Interface/Zone Select the IPSec interface.
Source Address Name Select All.
Destination Interface/Zone Select the FortiGate unit public interface.
Destination Address Name Select All.
Action Select ACCEPT.
NAT Select the check box.
Create New Define a new concentrator for an IPSec hub-and-spoke configuration. For
more information, see “Defining concentrator options” on page 625
.
Concentrator Name The names of existing IPSec VPN concentrators.
Members The tunnels that are associated with the concentrators.
Delete and Edit
icons
Delete or edit a concentrator.
To Next Page
Loading...
Need help?
General