Add a VPN site
The Site element defines the internal IP addresses that can send or receive traffic through the policy-based VPN.
You must define sites for all NGFW Engines and External VPN Gateways that are used in policy-based VPNs. You must also define sites for NGFW Engines and External VPN Gateways that are used in route-based VPN tunnels in which the value of the Encryption option is Tunnel Mode.
By default, each site is included in all VPNs where the gateway is used. Individual sites can be manually disabled in any VPN without affecting the other VPNs. It is not possible to partially disable sites. If the IP address space must be different in different VPNs, you need several sites. You can add as many Site elements as you need.
If traffic in the tunnel is subject to NAT, you must add the NAT addresses to the site. For NGFW Engines, you must add both the NAT addresses and any untranslated IP addresses that are not automatically added to the site. Sites for External VPN Gateways only require the translated address space that the NGFW Engine actually contacts.
The local and remote site definitions must match the information that the other gateways involved in the VPN have about the same sites, because the gateways verify this information during IKE negotiation. It might also make a difference whether addresses are entered as individual IP addresses, address ranges, or networks.
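An added example, not part of the product or its documentation: a Python check that compares the addresses entered locally for a site with the addresses the peer gateway's administrator entered for the same site. It flags both a different address space and the same space entered in a different form (network versus range). The function names and sample addresses are constructed for illustration, and the check assumes IPv4 entries only.

```python
import ipaddress

def parse_entry(entry):
    """Classify one site entry as host, range ("a-b") or network ("a/len")."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start after end: {entry}")
        return ("range", lo, hi)
    if "/" in entry:
        net = ipaddress.ip_network(entry, strict=True)  # rejects host bits set
        return ("network", net.network_address, net.broadcast_address)
    addr = ipaddress.ip_address(entry)
    return ("host", addr, addr)

def address_space(entries):
    """Minimal CIDR list covering every address in the entries."""
    nets = []
    for _kind, lo, hi in map(parse_entry, entries):
        nets.extend(ipaddress.summarize_address_range(lo, hi))
    return list(ipaddress.collapse_addresses(nets))

def compare_sites(local_def, peer_def):
    """Return (status, only_local, only_peer) for two definitions of one site."""
    a, b = address_space(local_def), address_space(peer_def)
    # Blocks on one side that the other side does not fully cover.
    only_local = [str(n) for n in a if not any(n.subnet_of(m) for m in b)]
    only_peer = [str(n) for n in b if not any(n.subnet_of(m) for m in a)]
    if only_local or only_peer:
        return ("mismatch", only_local, only_peer)
    # Same addresses; now check whether they were entered in the same form.
    forms_a = sorted(parse_entry(e) for e in local_def)
    forms_b = sorted(parse_entry(e) for e in peer_def)
    status = "match" if forms_a == forms_b else "same-space-different-form"
    return (status, [], [])

# Constructed sample data (not from any real deployment).
LOCAL = ["192.168.10.0/24", "10.1.1.5"]
PEER_RANGE = ["192.168.10.0-192.168.10.255", "10.1.1.5"]
PEER_SHORT = ["192.168.10.0/24"]

if __name__ == "__main__":
    for peer in (LOCAL, PEER_RANGE, PEER_SHORT):
        print(peer, "->", compare_sites(LOCAL, peer))
```

A `same-space-different-form` result is worth resolving with the peer administrator before troubleshooting a failed negotiation any further.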
For more details about the product and how to configure features, click Help or press F1.
Steps
Next steps
VPN Site Properties dialog box
Use this dialog box to view the properties of the VPN Client Site.
Option | Definition |
---|---|
Name | Specifies the unique name of the element. |
Comment | Shows a comment for the element. |
Search | Opens a search field for the selected element list. |
Up (Backspace) | Returns to the previous folder. |
New | This option is not available in this dialog box. |
Tools | |