Example: configuring route-based VPNs with external gateways
An example of creating a route-based VPN tunnel between an internal and external network.
The administrators at Company B want to create a route-based VPN tunnel between their own network and a partner’s network. The administrators:
- Create a Network element to represent the partner’s network.
- Define a Tunnel Interface on the Company B firewall that acts as the VPN Gateway.
- Configure routing to define a route to the partner’s network through the Tunnel Interface.
- Define an External VPN Gateway element to represent the partner company’s gateway device.
- Add a Route-Based VPN Tunnel element with the following settings:
  - Local Gateway:
    - Gateway — VPN Gateway element that represents the firewall
    - Endpoint — Endpoint IP address in the Internal Network
    - Interface — Tunnel Interface defined on the firewall
  - Remote Gateway:
    - Gateway — External VPN Gateway element
    - Endpoint — Endpoint IP address in the Partner Network
- Select an IPsec Profile and an encapsulation Mode that is compatible with the External VPN Gateway.
- Create an Access rule that allows traffic from the internal network to the partner network that is reachable through the route-based VPN.
- Refresh the policy on the firewall that acts as a VPN Gateway.
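
The steps above depend on each other: the route must send the partner network into the Tunnel Interface, and the Access rule must cover that traffic without being wider than the partner network. The following Python check is an added example, not part of the product or its documentation; the plan layout, element names, addresses, and finding codes are all constructed assumptions.

```python
import ipaddress as ip

# Constructed plan mirroring the steps above; every name and address is hypothetical.
PLAN = {
    "internal_net": "192.168.10.0/24",
    "partner_net": "172.16.50.0/24",
    "tunnel_interface": "Tunnel-1000",
    "routes": [{"dest": "172.16.50.0/24", "via": "Tunnel-1000"}],
    "access_rules": [
        {"src": "192.168.10.0/24", "dst": "172.16.50.0/24", "action": "allow"},
    ],
}

def check_plan(plan):
    """Return a list of finding codes for a planned route-based VPN."""
    internal = ip.ip_network(plan["internal_net"])
    partner = ip.ip_network(plan["partner_net"])
    findings = []

    # Overlapping address space makes the route to the partner ambiguous.
    if internal.overlaps(partner):
        findings.append("overlap")

    # Longest-prefix match: the most specific route covering the partner
    # network must point at the tunnel interface, or traffic bypasses the VPN.
    matches = [r for r in plan["routes"]
               if partner.subnet_of(ip.ip_network(r["dest"]))]
    best = max(matches, key=lambda r: ip.ip_network(r["dest"]).prefixlen,
               default=None)
    if best is None or best["via"] != plan["tunnel_interface"]:
        findings.append("no-tunnel-route")

    allows = [(ip.ip_network(r["src"]), ip.ip_network(r["dst"]))
              for r in plan["access_rules"] if r["action"] == "allow"]
    # An allow rule must cover internal -> partner traffic.
    if not any(internal.subnet_of(s) and partner.subnet_of(d) for s, d in allows):
        findings.append("no-allow-rule")
    # A destination wider than the partner network allows more than intended.
    if any(partner.subnet_of(d) and d != partner for _, d in allows):
        findings.append("allow-rule-too-broad")
    return findings

if __name__ == "__main__":
    print(check_plan(PLAN) or "plan is consistent")
```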