IPSec VPN: Authentication by certificate

 


 

You wish to securely interconnect your company's various sites, which are currently linked via the Internet.

To do so, you need to create a site-to-site IPSec VPN star configuration. The authentication method shown in this tutorial is based on the verification of certificates (authentication by pre-shared key can also be set up).

This document describes the configuration needed to allow client workstations on two remote sites to access an intranet server on the main site over HTTP through this tunnel. Needless to say, this architecture is not restricted to just three sites.

The certification authority will be hosted by one of the three IPSec gateways involved: the IPS-Firewall of the main site.