Configuration 2: Basic VPN with a partner gateway
This scenario walks you through creating a site-to-site VPN between one NGFW Engine and one external VPN gateway that is not managed through the same SMC.
To be able to configure this example VPN, your local firewall must have a fixed IP address (not DHCP- or PPPoE-assigned).
The address spaces protected by the different VPN Gateways must not overlap within any single VPN. If you use the same IP addresses at the different locations, you must apply NAT to the communications and define the Sites using the translated IP addresses. The translated addresses are the addresses that are used inside the VPN tunnels.
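The overlap rule above can be checked before the Sites are defined. The following is an added example, not part of the original documentation or of the SMC. The gateway names, address ranges and the static one-to-one NAT mapping are constructed for illustration. It reports overlapping Site networks and shows that defining the Site with the translated addresses removes the conflict.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: Site definitions per gateway (not from the SMC).
SITES = {
    "local-ngfw": ["192.168.10.0/24", "10.1.0.0/16"],
    "partner-gw": ["192.168.10.0/25", "172.16.5.0/24"],
}
# Assumed static 1:1 NAT on the local side: real network -> translated network.
LOCAL_NAT = {"192.168.10.0/24": "10.200.10.0/24"}


def find_overlaps(sites):
    """Return (gw_a, net_a, gw_b, net_b) for every overlapping pair of Site networks."""
    parsed = {
        gw: [ipaddress.ip_network(c, strict=True) for c in cidrs]  # rejects host bits
        for gw, cidrs in sites.items()
    }
    conflicts = []
    for (gw_a, nets_a), (gw_b, nets_b) in combinations(parsed.items(), 2):
        for a in nets_a:
            for b in nets_b:
                # Only compare networks of the same IP version.
                if a.version == b.version and a.overlaps(b):
                    conflicts.append((gw_a, str(a), gw_b, str(b)))
    return conflicts


def translate_site(cidrs, nat_map):
    """Replace real networks with the translated networks used inside the tunnel."""
    translated = []
    for cidr in cidrs:
        real = ipaddress.ip_network(cidr, strict=True)
        mapped = ipaddress.ip_network(nat_map.get(cidr, cidr), strict=True)
        if mapped.prefixlen != real.prefixlen:
            raise ValueError(f"{cidr}: 1:1 NAT needs equal prefix lengths")
        translated.append(str(mapped))
    return translated


def sites_after_nat(sites, gateway, nat_map):
    """Copy of the Site table with one gateway's networks replaced by translated ones."""
    fixed = dict(sites)
    fixed[gateway] = translate_site(sites[gateway], nat_map)
    return fixed


if __name__ == "__main__":
    print("before NAT:", find_overlaps(SITES))
    print("after NAT: ", find_overlaps(sites_after_nat(SITES, "local-ngfw", LOCAL_NAT)))
```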
You can create VPNs with IPsec-compliant gateway devices from many different manufacturers, including VPNs with partner organizations that use a third-party VPN solution. The authentication and encryption options to use must be agreed beforehand with the administrator of the other gateway.
This scenario creates a VPN Profile that contains the VPN settings that you match with settings defined on the external VPN gateway.