Creating the Site_Spoke_A and Site_Spoke_B peers
In the menu Configuration > VPN > IPSec VPN > Peers tab:
- Click on Add.
- Choose New remote site.
The wizard will ask you to select the remote gateway. In this case, this gateway will be the public address of the Firewall on the Spoke A site (object Pub_FW_Spoke_A).
- By default, the name of the peer will be created by adding a prefix “Site_” to this object name; this name can be customized. Press Enter.
- Next, select the Certificate method.
- Click on the magnifying glass next to the Certificate field
- Select the certificate corresponding to the Hub Firewall.
The Trusted CA field is automatically entered by the certificate.
In the same way, create the Site_Spoke_B peer using the following values:
- Remote gateway: the Firewall of the Spoke B site (object Pub_FW_Spoke_B),
- Certificate: the certificate of the Hub Firewall.