Ipsec vpn concentrators – Fortinet FortiGate 50A User Manual

196

Fortinet Inc.

IPSec VPN concentrators

IPSec VPN

To make sure that the encrypt policy is matched for VPN connections, arrange the
encrypt policy above other policies with similar source and destination addresses and
services in the policy list.

Figure 25: Adding an encrypt policy

IPSec VPN concentrators

In a hub-and-spoke network, all VPN tunnels terminate at a single VPN peer called a
hub. The peers that connect to the hub are known as spokes. The hub functions as a
concentrator on the network, managing the VPN connections between the spokes.

The advantage of a hub-and-spoke network is that the spokes are simpler to configure
because they require fewer policy rules. Also, a hub-and-spoke network provides
some processing efficiencies, particularly on the spokes. The disadvantage of a hub-
and-spoke network is its reliance on a single peer to handle management of all VPNs.
If this peer fails, encrypted communication in the network is impossible.

A hub-and-spoke VPN network requires a special configuration. Setup varies
depending on the role of the VPN peer.