Creating IPsec tunnels

Adding the CA to the list of trusted CAs

Please refer to the section Configuring the main site, under Adding the CA to list of trusted authorities.

Creating the IPsec peer

On each remote site, define the IPsec peer of the main site.

To do so, please refer to the section Configuring the main site, under Creating IPsec peers.

The objects to select are the following:

On remote site A:

  • Local network: Private_Net_Site_A,
  • Peer field: Pub_Main_FW,
  • Remote networks field: Private_Net_Main_Site.

On remote site B:

  • Local network: Private_Net_Site_B,
  • Peer field: Pub_Main_FW,
  • Remote networks field: Private_Net_Main_Site.

Selecting the encryption policy and adding the VPN tunnel

In the menu Configuration > VPN > IPsec VPN > Encryption policy – Tunnels tab:

  1. Select the encryption policy you wish to configure.
  2. You can rename it later by clicking on Edit.
  3. Click on Add to define the IPsec tunnel.
  4. Select the Site-to-site tunnel model.
  5. Fill in the fields in the wizard with the values that apply to each remote site.

On remote site A:

  • Local network: Private_Net_Site_A,
  • Remote network: Private_Net_Main_Site,
  • Remote gateway: Pub_Main_FW,
  • Certificate: the certificate created for the remote Firewall on site A.

On remote site B:

  • Local network: Private_Net_Site_B,
  • Remote network: Private_Net_Main_Site,
  • Remote gateway: Pub_Main_FW,
  • Certificate: the certificate created for the remote Firewall on site B.