fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Configure the spokes Hub-and-spoke configurations<br />
2 Define the security policy to enable communication between this spoke and the<br />
spokes in the address group you created.<br />
Policy-based VPN security policy<br />
Define an IPsec security policy to permit communications with the other spokes. See<br />
“Defining VPN security policies” on page 64. Enter these settings in particular:<br />
Route-based VPN security policy<br />
Define two security policies to permit communications to and from the other spokes.<br />
Enter these settings in particular:<br />
Source Interface/Zone Select the virtual IPsec interface you created.<br />
Source Address Name Select the spoke address group you defined in Step 1.<br />
Destination<br />
Select the spoke’s interface to the internal (private)<br />
Interface/Zone<br />
network.<br />
Destination Address<br />
Name<br />
Select this spoke’s address name.<br />
Action Select ACCEPT<br />
NAT Enable<br />
Source Interface/Zone<br />
Select the spoke’s interface to the internal (private)<br />
network.<br />
Source Address Name Select this spoke’s address name.<br />
Destination<br />
Interface/Zone<br />
Select the virtual IPsec interface you created.<br />
Destination Address<br />
Name<br />
Select the spoke address group you defined in Step 1.<br />
Action Select ACCEPT<br />
NAT Enable<br />
Policy-based VPN security policy<br />
Source Interface/Zone Select this spoke’s internal (private) network interface.<br />
Source Address Name Select this spoke’s source address.<br />
Destination<br />
Select the spoke’s interface to the external (public)<br />
Interface/Zone<br />
network.<br />
Destination Address<br />
Name<br />
Select the spoke address group you defined in Step 1.<br />
Action Select IPSEC<br />
VPN Tunnel<br />
Select the name of the phase 1 configuration you<br />
defined.<br />
Select Allow inbound to enable traffic from the remote<br />
network to initiate the tunnel.<br />
Select Allow outbound to enable traffic from the local<br />
network to initiate the tunnel.<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
94 01-434-112804-20120111<br />
http://docs.fortinet.com/