The VPN Gateway that acts as the hub gateway needs a Site element.
Note: This configuration scenario does not explain all settings related to Site elements.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click the VPN Gateway that acts as the hub gateway, then select .
-
In the
Name field, enter a unique name.
-
Add all networks protected by the spoke gateways to the site contents on the right.
After you add the protected networks, the site contains all remote IP addresses that are used in spoke-to-hub traffic that is forwarded from the hub to other spokes. The site should not contain the hub gateway’s local networks. These are defined using the automatic site management features in this example.
-
On the VPN References tab, select Enable for this VPN element, then deselect it for all other VPNs.
The site is still shown in all VPNs, but is grayed-out (disabled) and not included in the configuration.
-
In the
Mode cell, select
Hub to activate VPN hub-related features for the VPN Gateway.
-
Click
OK to close the dialog box.
You return to the main
VPN editing view.
-
Click the
Tunnels tab.
-
Check that the
Validity column in the
Gateway<->Gateway and the
End-Point<->End-Point tables has a green checkmark to indicate that there are no problems.
-
If the Validity column of a tunnel has a warning icon, see the Issues pane
to check what the problem is. If the pane is not shown, select .
-
If issues are shown, correct them as indicated. Long issues are easiest to read by hovering over the issue text so that the text is shown as a tooltip.
-
Click Save.
Next steps
Create Access rules.