Configure the spokes
Although this procedure assumes that the spokes are all FortiGate units, a spoke could also be VPN client software, such as FortiClient Endpoint Security.
Perform these steps at each FortiGate unit that will act as a spoke.
To create the phase 1 and phase_2 configurations
1. At the spoke, define the phase 1 parameters that the spoke will use to establish a secure connection with the hub. See
“Auto Key phase 1 parameters”. Enter these settings:
Remote Gateway | Select Static IP Address. |
IP Address | Type the IP address of the interface that connects to the hub. |
Enable IPsec Interface Mode | Enable if you are creating a route-based VPN. Clear if you are creating a policy-based VPN |
2. Create the phase 2 tunnel definition. See
“Phase 2 parameters”. Select the set of phase 1 parameters that you defined for the hub. You can select the name of the hub from the
Static IP Address part of the list.