Giving VPN access to more hosts

If you want to give access to hosts with IP addresses that are not already configured for your policy-based VPN, you must follow several general steps.

With route-based VPNs, it is not necessary to change the VPN configuration to allow access through the VPN for more hosts. Any traffic that is routed to a tunnel interface and allowed by the Access rules automatically uses the route-based VPN tunnel.

In policy-based VPNs, proceed according to this general workflow:
  1. Make sure that the IP addresses are included in one of the Sites of the correct gateway. If the IP addresses must not be included in other VPNs where the same gateway element is used, add them to a separate Site. Disable the Site in other VPNs.
  2. (VPN with external gateways) Add the new IP addresses to the configuration of the external gateway device, so that it routes the traffic through the VPN.
  3. Check that the Access rules of all gateways involved specify that this traffic is sent or allowed through the policy-based VPN. If NAT is enabled in the policy-based VPN, also check the NAT rules.
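
A pre-change check for step 1, shown as an added example that is not part of the original documentation or the product's own tooling. It reports whether each new host address falls inside a Site that is enabled in the target policy-based VPN, and which other VPNs would also include it through the same gateway element. The dict layout and the gateway, Site and VPN names are hypothetical, constructed for illustration.

```python
import ipaddress

# Constructed sample data; the Site, gateway and VPN names are hypothetical
# and this dict layout is not an SMC export format.
SITES = [
    {"gateway": "HQ-GW", "name": "HQ-LAN", "networks": ["10.1.0.0/16"],
     "enabled_in": {"Branch-VPN", "Partner-VPN"}},
    {"gateway": "HQ-GW", "name": "HQ-Lab", "networks": ["10.9.5.0/24"],
     "enabled_in": {"Branch-VPN"}},
]


def audit_new_hosts(sites, gateway, target_vpn, new_hosts):
    """For each new host, list the Sites of `gateway` that are enabled in
    `target_vpn` and contain it, plus any other VPNs that would include it."""
    report = {}
    for host in new_hosts:
        addr = ipaddress.ip_address(host)
        covering, other_vpns = [], set()
        for site in sites:
            if site["gateway"] != gateway:
                continue
            nets = [ipaddress.ip_network(n) for n in site["networks"]]
            if not any(addr.version == n.version and addr in n for n in nets):
                continue
            if target_vpn in site["enabled_in"]:
                covering.append(site["name"])
            # The same Site enabled elsewhere exposes the host in those VPNs too.
            other_vpns |= site["enabled_in"] - {target_vpn}
        report[host] = {"covered_by": covering,
                        "also_in_vpns": sorted(other_vpns)}
    return report


if __name__ == "__main__":
    hosts = ["10.1.4.20", "10.9.5.7", "192.168.50.10"]
    for host, result in audit_new_hosts(SITES, "HQ-GW", "Branch-VPN", hosts).items():
        print(host, result)
```

An empty `covered_by` means the address still has to be added to a Site; a non-empty `also_in_vpns` marks a host that belongs in a separate Site with that Site disabled in the other VPNs.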