Creating IPsec tunnels

An IPsec tunnel that goes through virtual interfaces uses these local and remote interfaces as its traffic endpoints. The IPsec peer is defined in the usual way, by its public IP address.

  • In the IPsec VPN module, create a new tunnel by clicking on Add, then selecting Site to site.
  • For the Local network field, select the local virtual interface Firewall_TunWAN1.
  • For the Remote network field, select the object RemoteTunWAN1.

Create a peer (or select it if it already exists) whose remote gateway is an object representing the public IP address dedicated to the WAN1 link of the remote firewall.
Note that the version of the IKE protocol must be the same for all peers used in the IPsec VPN policy.

Following the same method, create two other tunnels with the following values:

Tunnel for the WAN2 link

  • Local network: virtual interface Firewall_TunWAN2.
  • Remote network: object RemoteTunWAN2.
  • Peer's gateway: host object representing the public IP address dedicated to the WAN2 link of the remote firewall.

Tunnel for the WAN3 link

  • Local network: virtual interface Firewall_TunWAN3.
  • Remote network: object RemoteTunWAN3.
  • Peer's gateway: host object representing the public IP address dedicated to the WAN3 link of the remote firewall.
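Before entering the three tunnels, the planned values can be checked for the constraints stated above: one IKE version across all peers, matching local and remote endpoints per link, and one gateway address per link. The following is an added example, not part of the original documentation or of the firewall's tooling; the dictionary layout, the function name check_policy and the gateway addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed plan of the three tunnels described above. The dict layout is
# hypothetical (not a firewall export format) and the gateway addresses are
# documentation-range placeholders.
PLAN = [
    {"local": "Firewall_TunWAN1", "remote": "RemoteTunWAN1", "gateway": "198.51.100.1", "ike": 2},
    {"local": "Firewall_TunWAN2", "remote": "RemoteTunWAN2", "gateway": "198.51.100.2", "ike": 2},
    {"local": "Firewall_TunWAN3", "remote": "RemoteTunWAN3", "gateway": "198.51.100.3", "ike": 2},
]


def check_policy(tunnels):
    """Return a list of problems found in a planned VTI-based IPsec policy."""
    problems = []
    # All peers used in one IPsec VPN policy must share the same IKE version.
    versions = sorted({t["ike"] for t in tunnels})
    if len(versions) > 1:
        problems.append(f"mixed IKE versions: {versions}")
    gateways = {}
    for t in tunnels:
        name = f"{t['local']} <-> {t['remote']}"
        # The local virtual interface and the remote object must name the same link.
        local = re.fullmatch(r"Firewall_Tun(WAN\d+)", t["local"])
        remote = re.fullmatch(r"RemoteTun(WAN\d+)", t["remote"])
        if not local or not remote:
            problems.append(f"{name}: unexpected object name")
        elif local.group(1) != remote.group(1):
            problems.append(f"{name}: endpoints belong to different links")
        # The peer gateway must be a valid address, used by one tunnel only
        # (assumption: "dedicated" means one public address per WAN link).
        try:
            gw = ipaddress.ip_address(t["gateway"])
        except ValueError:
            problems.append(f"{name}: invalid gateway {t['gateway']!r}")
            continue
        if gw in gateways:
            problems.append(f"{name}: gateway {gw} already used by {gateways[gw]}")
        gateways.setdefault(gw, name)
    return problems


if __name__ == "__main__":
    for line in check_policy(PLAN) or ["policy plan is consistent"]:
        print(line)
```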

The IPsec VPN policy will therefore resemble: