Example: configuring route-based VPNs with external gateways

An example of creating a route-based VPN tunnel between an internal and external network.

The administrators at Company B want to create a route-based VPN tunnel between their own network and a partner’s network. The administrators:
  1. Create a Network element to represent the partner’s network.
  2. Define a Tunnel Interface on the Company B firewall that acts as the VPN Gateway.
  3. Configure routing to define a route to the partner’s network through the Tunnel Interface.
  4. Define an External VPN Gateway element to represent the partner company’s gateway device.
  5. Add a Route-Based VPN Tunnel element with the following settings:
    Local Gateway Remote Gateway
    • Gateway — VPN Gateway element that represents the firewall
    • Endpoint — Endpoint IP address in the Internal Network
    • Interface — Tunnel Interface defined on the firewall
    • Gateway — External VPN Gateway element
    • Endpoint — Endpoint IP address in the Partner Network
  6. Select an IPsec Profile and an encapsulation Mode that is compatible with the External VPN Gateway.
  7. Create an Access rule that allows traffic from the internal network to the partner network that is reachable through the route-based VPN.
  8. Refresh the policy on the firewall that acts as a VPN Gateway.