Create a Site-to-Site VPN Connection

This procedure allows you to create a site-to-site VPN tunnel connection between your gateway and an ASA device, the Azure, AWS, or GCP cloud service providers, or a third-party firewall of your choice.

Note

When entering the virtual interface IP address, we strongly recommend using an IP from the 169.254.x.x/16 range, excluding the threat defense reserved range 169.254.1.x/24.

For the net mask, we recommend using /30; this allows you to only use two IP addresses for the endpoints of the virtual tunnel interface connection. For example, 169.254.100.1/30.
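The addressing guidance in the Note above is easy to get wrong by hand (an address inside the reserved /24, a /30 network or broadcast address used as an endpoint, or two endpoints that do not share one /30). The following check is an added example, not code from the Multicloud Defense product or its documentation; it encodes only the constraints stated in the Note and in Step 6 (different devices for each end) using Python's standard `ipaddress` module, so you can validate a planned Device 1 / Device 2 pair before entering it in the dashboard. The device names and addresses in the demo are constructed sample values.

```python
import ipaddress

# Constraints from the Note above: choose the virtual tunnel interface (VTI)
# address from 169.254.0.0/16, stay out of the threat defense reserved
# 169.254.1.0/24, and use a /30 so the tunnel has exactly two usable endpoints.
LINK_LOCAL_RANGE = ipaddress.ip_network("169.254.0.0/16")
RESERVED_RANGE = ipaddress.ip_network("169.254.1.0/24")
RECOMMENDED_PREFIX = 30


def check_vti_address(cidr):
    """Return a list of problems with one VTI address such as '169.254.100.1/30'.

    An empty list means the address follows the recommendation.
    """
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError as exc:
        return [f"not a valid interface address: {exc}"]
    if iface.version != 4:
        return ["VTI address must be IPv4"]

    problems = []
    if iface.ip not in LINK_LOCAL_RANGE:
        problems.append(f"{iface.ip} is outside the recommended {LINK_LOCAL_RANGE} range")
    if iface.ip in RESERVED_RANGE:
        problems.append(f"{iface.ip} falls in the threat defense reserved range {RESERVED_RANGE}")
    if iface.network.prefixlen != RECOMMENDED_PREFIX:
        problems.append(
            f"prefix /{iface.network.prefixlen} used; /{RECOMMENDED_PREFIX} is recommended"
        )
    # The first and last address of the /30 are the network and broadcast
    # addresses and cannot be assigned to either tunnel endpoint.
    if iface.ip in (iface.network.network_address, iface.network.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {iface.network}")
    return problems


def check_tunnel_pair(device1_name, device1_cidr, device2_name, device2_cidr):
    """Validate both ends of a tunnel together (Device 1 and Device 2, Steps 4 to 7)."""
    problems = [f"device 1: {p}" for p in check_vti_address(device1_cidr)]
    problems += [f"device 2: {p}" for p in check_vti_address(device2_cidr)]
    if device1_name == device2_name:
        problems.append("device 1 and device 2 must be different devices or gateways")

    try:
        a = ipaddress.ip_interface(device1_cidr)
        b = ipaddress.ip_interface(device2_cidr)
    except ValueError:
        return problems  # the per-address check already reported the parse error

    # Both endpoints must sit in the same /30 and must not share one address.
    if a.network != b.network:
        problems.append(f"endpoints are in different subnets ({a.network} vs {b.network})")
    elif a.ip == b.ip:
        problems.append("both endpoints use the same virtual interface IP")
    return problems


if __name__ == "__main__":
    # Constructed sample pairs: one that follows the Note and one that does not.
    for pair in [
        ("mcd-gateway-east", "169.254.100.1/30", "branch-asa", "169.254.100.2/30"),
        ("mcd-gateway-east", "169.254.1.1/30", "mcd-gateway-east", "169.254.100.0/24"),
    ]:
        issues = check_tunnel_pair(*pair)
        print(pair[1], "<->", pair[3], "OK" if not issues else issues)
```

Run the file directly to see the two sample pairs evaluated; the first passes, the second reports the reserved-range address, the non-/30 prefix, the network address used as an endpoint, the identical device on both ends, and the mismatched subnets.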

Use the following procedure to create a site-to-site VPN tunnel using the Multicloud Defense Controller dashboard:

Before you begin

You must have at least one IPSec profile already created prior to creating a VPN connection tunnel.

We strongly recommend creating a BGP profile and adding it to your Multicloud Defense Gateway before you create a VPN tunnel connection. See BGP Profile for more information.

Procedure


Step 1

Navigate to Infrastructure > Network > VPN Connections.

Step 2

Click Create VPN Connection.

Step 3

Enter a Name for the connection.

Step 4

Expand the Device 1 drop-down menu to select a Multicloud Defense Gateway or manually enter a public IP address of a remote endpoint.

Step 5

Enter the Device 1 Virtual Interface IP address. Read the Note at the beginning of this procedure for guidance on how to optimize this field.

Step 6

Expand the Device 2 drop-down menu to select your Multicloud Defense Gateway or manually enter a public IP address of a remote endpoint. Do not use the same device or gateway for both device 1 and device 2.

Step 7

Enter the Device 2 Virtual Interface IP address. Read the Note at the beginning of this procedure for guidance on how to optimize this field.

Step 8

Enter the Authentication Value for the tunnel. At this time, PreShared Key is the preferred authentication method.

Step 9

Expand the IPSec Profile drop-down menu to select a profile that has already been created.

Step 10

Click Save.


What to do next

View the connection status to review the statistics for incoming and outgoing bytes at both ends of the connection.

If you want to associate a BGP profile with your VPN tunnel connection, create a gateway or edit an existing one and add the desired BGP profile. Note that the IPSec profile of the VPN connection remains the primary profile used, and the BGP profile runs on top of the IPSec tunnel with the remote peer.