Create a Site-To-Site VPN using the Simple Configuration
Procedure
Step 1 | In the left pane, choose . | ||
Step 2 | Click > Site-to-Site VPN with FDM label.
| ||
Step 3 | Enter a unique topology Configuration Name. We recommend naming your topology to indicate that it is an FDM-managed device VPN, and its topology type. | ||
Step 4 | Choose the endpoint devices for this VPN deployment from Devices. | ||
Step 5 | If you choose an extranet device in Peer 2, select Static, and specify an IP address or select Dynamic for extranet devices with DHCP assigned IP. The IP Address displays the IP address for static interface or DHCP Assigned for the dynamic interface. | ||
Step 6 | Choose the VPN Access Interface for the for the endpoint devices.
| ||
Step 7 | Click the blue plus button to add the Protected Networks for the participating devices. | ||
Step 8 | (Optional) Select NAT Exempt to exempt the VPN traffic from NAT policies on the local VPN access interface. It must be configured manually for individual peers. If you do not want NAT rules to apply to the local network, select the interface that hosts the local network. This option works only if the local network resides behind a single routed interface (not a bridge group member). If the local network is behind more than one routed interface or one or more bridge group members, you must manually create the NAT exempt rules. For information on manually creating the required rules, see Exempting Site-to-Site VPN Traffic from NAT. | ||
Step 9 | Click Create VPN, and then click Finish. | ||
Step 10 | Perform the additional mandatory configuration. See Configure networking for protected traffic between the Site-To-Site Peers. The Site-To-Site VPN is configured. |