Chapter 10 IPsec VPN : Hub-and-spoke configurations : Dynamic spokes configuration example : Configure the hub (FortiGate_1) : Define the IPsec configuration
  
Define the IPsec configuration
To define the Phase 1 parameters
1. At FortiGate_1, go to VPN > IPsec > Tunnels and create the new custom tunnel or edit an existing tunnel.
2. Edit the Phase 1 Proposal (if it is not available, you may need to click the Convert to Custom Tunnel button).
Define the Phase 1 parameters that the hub will use to establish a secure connection to the spokes.
Name
Enter a name (for example, toSpokes).
Remote Gateway
Dialup user
Local Interface
External
Mode
Main
Authentication Method
Preshared Key
Pre-shared Key
Enter the preshared key.
Peer Options
Any peer ID
The basic Phase 2 settings associate IPsec Phase 2 parameters with the Phase 1 configuration and specify the remote end points of the VPN tunnels.
To define the Phase 2 parameters
1. Open the Phase 2 Selectos panel (if it is not available, you may need to click the Convert to Custom Tunnel button).
2. Enter the following information, and select OK:
Name
Enter a name for the Phase 2 definition (for example, toSpokes_ph2).
Phase 1
Select the Phase 1 configuration that you defined previously (for example, toSpokes).