Case no. 2: configuring the central site (Hub)
On the Hub site you will have to:
Following the method described in the paragraph Creating the Site_Spoke_A and Site_Spoke_B peers in Case no. 1, create both peers Site_Spoke_A and Site_Spoke_B.
To define Site_Spoke_A, use the following values:
- Remote gateway: Firewall of the Spoke A site (object Pub_FW_Spoke_A),
- Certificate: the certificate of the Hub Firewall.
To define Site_Spoke_B, use the following values:
- Remote gateway: Firewall of the Spoke B site (object Pub_FW_Spoke_B),
- Certificate: the certificate of the Hub Firewall.
Follow the method described in the paragraph Creating tunnels in Case no. 1 to define the following VPN tunnels:
Define the filtering rules needed for exchanges between Spoke sites, between Spoke sites and the Hub, and for local traffic to the Internet:
To allow all hosts on private networks to access the Internet, create the following NAT rule:
Sources are listed individually in this rule, but groups will need to be used once the number of satellite sites increases.