Creating the IPsec tunnel

  1. Click on Configuration > VPN > IPsec VPN.
  2. Select the encryption policy you wish to configure.
    You can rename it by clicking on Edit.
  3. Click on Add > Site-to-site tunnel.
    A wizard will automatically launch:
  4. In the Local network field, select your object Private_Net_Main_Site.
  5. In the Remote network field, select the object Private_Net_Remote_Site.
  1. Next, select a peer.
    If the peer you wish to use does not yet exist, as in this example, you can create it by clicking on the hyperlink Create a peer (this step corresponds to the parameters that can be defined directly in the Peer tab in the menu Configuration > VPN > IPsec VPN).
  2. The wizard will then ask you to select the remote gateway: in this current case, this is the public address of the remote Firewall (object Pub_Remote_FW). By default, the name of the peer will be created by adding a prefix “Site_” to this object name; this name can be customized:
  3. Next, select the authentication method: select the method “Pre-shared key (PSK)”.
  4. In the fields Pre-shared key (ASCII) and Confirm, enter a complex password that will be exchanged between both sites in order to set up the IPsec tunnel, and then confirm.


To define a pre-shared key that is sufficiently secure, you are advised to do the following:

  • Keep to a minimum length of 8 characters,
  • Use uppercase and lowercase letters, numbers and special characters,
  • Do not use a word found in a dictionary for your password.

Example: 7f4V8!>Xdu.

  1. The wizard will then show a summary of the peer that you have just created.
  2. Click on Finish to close this window.
  3. Click again on Finish to close the wizard. The IPsec tunnel is now defined on the main site and the tunnel will automatically be enabled (Status “on”):
  4. Click on Enable this policy.