Configure a Policy-Based Site-to-Site VPN Connection

Use a device template to configure a policy-based site-to-site VPN connection that adds the devices sharing the template as spokes to an existing policy-based site-to-site VPN topology. Values that differ per device (the VPN interface address, the IKE key ID, the protected networks) are supplied through template variables and object overrides rather than hard-coded in the template.

Before you begin

Procedure


Step 1

Choose Devices > Template Management.

Step 2

Click the edit icon adjacent to the device template that you want to edit.

Step 3

Click the VPN tab.

Step 4

Click Add VPN Connection.

Step 5

Choose a policy-based site-to-site VPN topology from the VPN Topology drop-down list.

The Add VPN Connection dialog box expands and you can configure the following parameters:

  1. From the VPN Interface drop-down list, choose a WAN-facing or internet-facing physical interface to establish a VPN connection with the hub.

    This list contains all the interfaces configured on the device template.

    Do one of the following to configure the IP address of the VPN interface:

    • Click the Use IP Address from the VPN Interface radio button to use the IP address configured on the VPN interface.

      The IPv4 address is auto-populated. If the interface has IPv6 addresses, choose the one to use from the drop-down list.

    • Click the Use Public IP Address radio button to specify the public IP address that the remote peer uses to reach the VPN interface.

      Because this address differs per device, it is held in a variable: choose an IP address variable from the drop-down list, or click the add icon to create a new one.

  2. Check the Local Tunnel (IKE) Identity check box to give the spoke a configurable IKE identity that it presents to the remote peer, instead of the default identity derived from its address.

  3. Identity Type: Key ID is the only supported identity type. Choose a key ID variable from the drop-down list or click the add icon to add a new key ID variable. Since the identity is a variable, each device that receives the template gets its own key ID, which is what lets the hub tell the spokes apart.

  4. Protected Networks: Click the add icon to configure a protected network for the VPN connection. In a policy-based VPN the protected networks define which traffic is sent through the tunnel, so they are the traffic selectors for this spoke.

    Do one of the following:

    • Choose an existing protected network object and click OK.

    • Click Add to create a network object and click Save.

      When you create a protected network object, note the following:

      • Click either the Host or the Network radio button, matching what you will enter for each device (a single address for Host, a prefix for Network).

      • Check the Allow Overrides check box so that you can supply a device-specific value for the object before you apply the template.

  5. Click OK.

    You can view the VPN connection in the Site-to-Site VPN Connections table.

Step 6

Click Save.


What to do next

  1. Before you apply the template to a device, supply the device-specific values for the protected networks: add the objects under Template Settings > Template Parameters > Add Network Objects Overrides and enter the per-device value for each one. A device with no override keeps the template-level value of the object.

  2. Map the device interfaces to the template interfaces (Model Mapping).

  3. Apply the template to a device.
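Before applying the template, it is worth checking the per-device override values offline, because each spoke's protected networks become that spoke's traffic selectors at the hub and two spokes that claim overlapping ranges leave the hub unable to select one tunnel for traffic to the shared range. The script below is an added example, not part of this page or of the Secure Firewall product, and it does not talk to the management center: TEMPLATE_OBJECTS and DEVICE_OVERRIDES are constructed data that mirror the template-level objects and the per-device overrides entered under Template Parameters. It resolves the value each device ends up with, rejects a Host object that was given a prefix or a Network object that does not parse as one, and flags cross-device overlaps.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data, not exported from FMC. TEMPLATE_OBJECTS mimics the
# protected network objects created in the template (Host or Network radio
# button, Allow Overrides checked). DEVICE_OVERRIDES mimics the per-device values
# entered under Template Settings > Template Parameters > Add Network Objects
# Overrides; a device with no override for an object inherits the template value.
TEMPLATE_OBJECTS = {
    "spoke-lan": {"type": "Network", "value": "10.0.0.0/24"},
    "spoke-mgmt-host": {"type": "Host", "value": "10.0.0.10"},
}

DEVICE_OVERRIDES = {
    "branch-01": {"spoke-lan": "10.1.0.0/24", "spoke-mgmt-host": "10.1.0.10"},
    "branch-02": {"spoke-lan": "10.2.0.0/24", "spoke-mgmt-host": "10.2.0.10"},
    "branch-03": {"spoke-lan": "10.1.0.0/25"},        # collides with branch-01; inherits the mgmt host
    "branch-04": {"spoke-mgmt-host": "10.4.0.0/24"},  # prefix on a Host object; inherits spoke-lan
}


def effective_values(template_objects, device_overrides):
    """Return {device: {object_name: value}} after applying overrides.

    Mirrors what the template produces: the override when one was entered for
    that device, otherwise the template-level value of the object.
    """
    resolved = {}
    for device, overrides in device_overrides.items():
        resolved[device] = {
            name: overrides.get(name, obj["value"])
            for name, obj in template_objects.items()
        }
    return resolved


def validate(template_objects, device_overrides):
    """Check the resolved protected networks and return a list of finding tuples.

    Finding shapes:
      ("invalid-value", device, object, value)             value does not parse as a prefix
      ("host-not-single-address", device, object, value)   Host object covering more than one address
      ("overlap", device, object, "other_device/object")   selectors of two spokes overlap
    """
    findings = []
    parsed = defaultdict(dict)  # device -> object name -> ip_network

    resolved = effective_values(template_objects, device_overrides)
    for device, values in sorted(resolved.items()):
        for name, value in sorted(values.items()):
            kind = template_objects[name]["type"]
            try:
                # Network objects must be proper prefixes (no host bits set);
                # Host objects are parsed leniently and then must be one address.
                net = ipaddress.ip_network(value, strict=(kind == "Network"))
            except ValueError:
                findings.append(("invalid-value", device, name, value))
                continue
            if kind == "Host" and net.num_addresses != 1:
                findings.append(("host-not-single-address", device, name, value))
                continue
            parsed[device][name] = net

    # Overlaps within one device are fine (a host inside its own LAN). Overlaps
    # between two devices mean two spokes present the hub with selectors that
    # both match the same destination, so flag every cross-device pair.
    devices = sorted(parsed)
    for i, a in enumerate(devices):
        for b in devices[i + 1:]:
            for name_a, net_a in sorted(parsed[a].items()):
                for name_b, net_b in sorted(parsed[b].items()):
                    if net_a.overlaps(net_b):
                        findings.append(("overlap", a, name_a, f"{b}/{name_b}"))
    return findings


if __name__ == "__main__":
    for finding in validate(TEMPLATE_OBJECTS, DEVICE_OVERRIDES):
        print(*finding)
```

Run against the constructed data, the checker reports the Host object on branch-04 that was given a /24, the deliberate branch-01/branch-03 collision, and a less obvious one: branch-03 and branch-04 each inherited a template default for the object they did not override, and those defaults overlap each other. That last case is the one to watch for in practice, since a missing override does not fail deployment, it silently reuses the template value.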