
IPSec VPN concentrators | IPSec VPN |
4 Add a separate outbound encrypt policy for each remote VPN spoke. These policies control the encrypted connections initiated by the local VPN spoke.
The encrypt policy must include the appropriate source and destination addresses and the tunnel added in step 1. Use the following configuration:
Source | The local VPN spoke address. |
Destination | The remote VPN spoke address. |
Action | ENCRYPT |
VPN Tunnel | The VPN tunnel name added in step 1. (Use the same tunnel for all encrypt policies.) |
Allow inbound | Do not enable. |
Allow outbound | Select allow outbound. |
Inbound NAT | Select inbound NAT if required. |
Outbound NAT | Select outbound NAT if required. |
See “Adding an encrypt policy” on page 195.
5 Add an inbound encrypt policy. This policy controls the encrypted connections initiated by the remote VPN spokes.
The encrypt policy for the hub must include the appropriate source and destination addresses and the tunnel added in step 1. Use the following configuration:
Source | The local VPN spoke address. |
Destination | External_All |
Action | ENCRYPT |
VPN Tunnel | The VPN tunnel name added in step 1. (Use the same tunnel for all encrypt policies.) |
Allow inbound | Select allow inbound. |
Allow outbound | Do not enable. |
Inbound NAT | Select inbound NAT if required. |
Outbound NAT | Select outbound NAT if required. |
See “Adding an encrypt policy” on page 195.
6 Arrange the policies in the following order:
• outbound encrypt policies
• inbound encrypt policy
• default
Note: The default
200 | Fortinet Inc. |
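
A small audit of steps 4 to 6, as an added example that is not from the Fortinet manual: it checks a policy list, modeled as Python dicts, for one outbound-only encrypt policy per remote spoke, a single inbound-only encrypt policy to External_All, one shared tunnel, and the order given in step 6. The dict keys, the function names and the sample values (Spoke_A, Spoke_B, Spoke_C, Hub_Tunnel, Internal_All, the ACCEPT default policy) are assumptions, and the dicts are not FortiGate configuration syntax.

```python
# Added example: audits a spoke's policy list against steps 4-6 above.
# Dict keys and all sample names are constructed; this is not FortiGate syntax.

def kind(p):
    """0 = outbound encrypt, 1 = inbound encrypt, 2 = anything else (default)."""
    if p["action"] != "ENCRYPT":
        return 2
    return 1 if p["dst"] == "External_All" else 0

def audit(policies, local, remote_spokes, tunnel):
    """Return findings; an empty list means the policy list matches steps 4-6."""
    findings = []
    outbound = [p for p in policies if kind(p) == 0]
    inbound = [p for p in policies if kind(p) == 1]
    for p in outbound + inbound:
        if p["src"] != local:
            findings.append(f"source for {p['dst']} is not the local spoke")
        if p["tunnel"] != tunnel:
            findings.append(f"policy to {p['dst']} uses tunnel {p['tunnel']}")
    # Step 4: one outbound-only encrypt policy per remote spoke.
    for spoke in remote_spokes:
        if spoke not in {p["dst"] for p in outbound}:
            findings.append(f"step 4: no outbound encrypt policy for {spoke}")
    for p in outbound:
        if p["allow_inbound"] or not p["allow_outbound"]:
            findings.append(f"step 4: policy to {p['dst']} must allow outbound only")
    # Step 5: a single inbound-only encrypt policy to External_All.
    if len(inbound) != 1:
        findings.append("step 5: expected one inbound encrypt policy")
    for p in inbound:
        if p["allow_outbound"] or not p["allow_inbound"]:
            findings.append("step 5: inbound policy must allow inbound only")
    # Step 6: outbound encrypt policies, then inbound encrypt policy, then default.
    ranks = [kind(p) for p in policies]
    if ranks != sorted(ranks):
        findings.append("step 6: policies are out of order")
    return findings

def enc(dst, inbound, outbound, tunnel="Hub_Tunnel"):
    # Helper that builds one constructed encrypt policy for local spoke Spoke_A.
    return {"src": "Spoke_A", "dst": dst, "action": "ENCRYPT", "tunnel": tunnel,
            "allow_inbound": inbound, "allow_outbound": outbound}

DEFAULT = {"src": "Internal_All", "dst": "External_All", "action": "ACCEPT"}
GOOD = [enc("Spoke_B", False, True), enc("Spoke_C", False, True),
        enc("External_All", True, False), DEFAULT]
# Inbound policy listed first, Spoke_C missing, Spoke_B also allows inbound.
BAD = [enc("External_All", True, False), enc("Spoke_B", True, True), DEFAULT]
```

Calling `audit(BAD, "Spoke_A", ["Spoke_B", "Spoke_C"], "Hub_Tunnel")` returns one finding per deviation, while the same call on `GOOD` returns an empty list.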