IPSec VPN AutoIKE IPSec VPNs
FortiGate-4000 Installation and Configuration Guide 245
10 Enable Autokey Keep Alive if you want to keep the VPN tunnel running even if no data
is being processed.
11 Select a concentrator if you want the tunnel to be part of a hub and spoke VPN
configuration.
If you use the procedure, “Adding a VPN concentrator” on page 255 to add the tunnel
to a concentrator, the next time you open the tunnel, the Concentrator field displays
the name of the concentrator to which you added the tunnel.
12 Select a Quick Mode Identity.
13 Select OK to save the AutoIKE key VPN tunnel.
Figure 71: Adding a phase 2 configuration
Use selectors from policy Select this option for policy-based VPNs. A policy-based
VPN uses an encrypt policy to select which VPN tunnel to
use for the connection. In this configuration, the VPN tunnel
is referenced directly from the encrypt policy.
You must select this option if both VPN peers are FortiGate
units.
Use wildcard selectors Select this option for routing-based VPNs. A routing-based
VPN uses routing information to select which VPN tunnel to
use for the connection. In this configuration, the tunnel is
referenced indirectly by a route that points to a tunnel
interface.
You must select this option if the remote VPN peer is a non-
FortiGate unit that has been configured to operate in tunnel
interface mode.