Chapter 11 IPsec VPN for FortiOS 5.0 : Hub-and-spoke configurations : Dynamic spokes configuration example : Configure the hub (FortiGate_1) : Define the IPsec configuration
  
Define the IPsec configuration
To define the phase 1 parameters
1. At FortiGate_1, go to VPN > IPsec > Auto Key (IKE).
2. Define the phase 1 parameters that the hub will use to establish a secure connection to the spokes. Select Create Phase 1, enter the following information, and select OK:
Name
Enter a name (for example, toSpokes).
Remote Gateway
Dialup user
Local Interface
External
Mode
Main
Authentication Method
Preshared Key
Pre-shared Key
Enter the preshared key.
Peer Options
Accept any peer ID
The basic phase 2 settings associate IPsec phase 2 parameters with the phase 1 configuration and specify the remote end points of the VPN tunnels.
To define the phase 2 parameters
1. Go to VPN > IPsec > Auto Key (IKE).
2. Select Create Phase 2, enter the following information, and select OK:
Name
Enter a name for the phase 2 definition (for example, toSpokes_ph2).
Phase 1
Select the Phase 1 configuration that you defined previously (for example, toSpokes).