Site to site (Gateway-Gateway)
This tab is used to create a VPN tunnel between two network devices that support IPSec. This type of tunnel is also called a gateway-to-gateway VPN tunnel.
Several tutorials show you step by step how to configure a secure connection between your sites. Click on one of the links to access a tutorial:
- IPSec VPN: Authentication by pre-shared key,
- IPSec VPN: Authentication by certificate,
- IPSec VPN: Hub and spoke configuration.
|Search||Searches will be performed on the name of the object and its various properties, unless you have specified in the preferences of the application that you would like to restrict this search to object names only.|
|Add||The Add button will be covered in the following section.|
|Delete||Select the IPSec VPN tunnel to be removed from the table and click on this button.|
|Move up||Places the selected line before the line just above it.|
|Move down||Places the selected line after the line just below it.|
|Cut||Cuts the selected line to paste it.|
|Copy||Copies the selected line to duplicate it.|
|Paste||Duplicates the selected line after it is copied.|
|Show details||To ease the configuration of the tunnel with a remote device (gateway or mobile client), click on this icon to view information on the IPSec policy:
|Search in logs||When a name is assigned to the IPSec rule, clicking on this button will run a search by the name of the rule in the IPSec VPN log and show the results.|
|Search in monitoring||Clicking on this button will open the screen to monitor IPSec tunnels (Monitoring tab > Monitoring module > IPSec VPN tunnels).|
In order to configure the tunnel, select the VPN policy in which you wish to set it up. The IPSec VPN policy wizard will guide you through the configuration.
Standard site-to-site tunnel
Here, you will define each of the endpoints for your tunnel as well as for your peer.
|Local resources||Host, host group, network or network group that will be accessible via the IPSec VPN tunnel.|
|Peer selection||This is the object that corresponds to the public IP address of the tunnel endpoint, or of the remote VPN peer. By default, the drop-down list shows “None”. You can create a peer with the following option or select an existing peer from the list.|
|Create a peer||Define the parameters for your peer. Several steps are necessary:
Step 1: Select the gateway.
Step 2: Identify the peer.
Two choices are possible:
NOTE To define an ASCII pre-shared key that is sufficiently secure, follow the same rules as for user passwords, set out in the section Welcome, under the section User awareness, sub-section User password management.
|Remote networks||Host, host group, network or network group accessible through the IPSec tunnel with the peer.|
Separator (rule grouping)
This option inserts a separator above the selected line. Administrators can use separators to organize their tunnels into a hierarchy according to their needs.