Use this command to add IPSec policy-based VPN tunnels to a VPN concentrator. The VPN concentrator collects hub-and-spoke tunnels into a group.
The concentrator allows VPN traffic to pass from one tunnel to the other through the FortiGate unit. The FortiGate unit functions as a concentrator, or hub, in a hub-and-spoke network.
VPN concentrators are not available in Transparent mode.
config vpn ipsec concentrator
The member field is required.
edit <concentrator_name>
Enter a name for the concentrator.
No default.
member <member_name> [member_name] [member_name]
Enter the names of up to three VPN tunnels to add to the concentrator. Separate the tunnel names with spaces.
Members can be tunnels defined in vpn ipsec phase1 or vpn ipsec manual-key.
To add or remove tunnels from the concentrator you must re-enter the whole list with the required additions or deletions.
No default.
src-check {enable | disable}
Enable to check the source address of the phase2 selector when locating the best matching phase2 in a concentrator. The default is to check only the destination selector.