Configure a Route-Based Site-to-Site VPN Connection

Step 1

Choose Devices > Template Management.

Step 2

Click the edit icon adjacent to the device template that you want to edit.

Step 3

Click the VPN tab.

Step 4

Click Add VPN Connection.

Step 5

Choose a route-based site-to-site VPN topology from the VPN Topology drop-down list.

1. From the Virtual Tunnel Interface (VTI) drop-down list, choose a VTI interface or click () to create a new VTI.

   VTI is a virtual interface used to establish a route-based VPN tunnel. You must configure routing policies for a VTI to set up a VPN tunnel. This list contains all the VTIs configured on the device template. For more information on creating a VTI, see Add a VTI Interface.

2. Check the Use Public IP Address check box to override the tunnel source IP address and configure a public IP address variable for the VTI. Click () to create a new public IP address variable.

   This IP address is the source IP address for the VPN tunnel. By default, this is the IP address of the VPN interface. However, if the device is behind NAT, the VPN interface has a private address, but the post-NAT public IP address should be configured.

3. Check the Local Tunnel (IKE) Identity check box to enable a unique and configurable identity for the VPN tunnel from the spoke to a remote peer.

4. Identity Type: Key ID is the only supported identity type. Choose a key ID variable from the drop-down list or click () to create a new key ID variable.

5. (Optional) Check the Enable Secondary VPN Tunnel check box to configure the parameters for the secondary VPN tunnel.

6. Click OK.

   You can view the VPN connection in the Site-to-Site VPN Connections table.

Step 6

Click Save.