Example VPN configuration 2: create a Policy-Based VPN element

You must add a Policy-Based VPN element for this configuration.

Before you begin

You must have created a VPN Profile for configuration 2.

Note: This configuration scenario does not explain all settings related to Policy-Based VPN elements.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click Policy-Based VPNs in the element tree, then select New Policy-Based VPN.
  2. In the Name field, enter a unique name.
  3. From the Default VPN Profile drop-down list, select the VPN profile.
  4. If you want to apply NAT rules to the communications that go through the VPN, select Apply NAT to traffic that uses this VPN.
    This setting does not affect the communications that the two gateways have with each other to set up and maintain the VPN. Communications between the gateways are always matched to the automatic rules or the NAT rules.
  5. Click OK.
    The VPN Editing view opens on the Site-to-Site VPN tab.
  6. Drag and drop the VPN Gateway element that represents the firewall to Central Gateways.
  7. Drag and drop the External VPN Gateway element to Satellite Gateways.
  8. On the Tunnels tab, double-click the Key cell for the tunnel shown in the Gateway<->Gateway pane.
  9. To match the pre-shared key between the two gateways:
    • To use the key that is automatically generated on the Management Server, click Export, then transfer the key securely to the external gateway.
    • To use a different key, replace the shown key with the one that you have agreed on with the administrator of the external gateway device.
    CAUTION:
    The pre-shared key must be long and random to provide a secure VPN. Change the pre-shared key periodically (for example, monthly).
  10. Click OK to close the Pre-Shared Key dialog box.
  11. Make sure that the Validity column in the Gateway<->Gateway and the End-Point<->End-Point tables has a green check mark to indicate that there are no problems.
    1. If the Validity column of a tunnel has a warning icon, see the Issues pane to check what the problem is. If the pane is not shown, select Menu > View > Panels > Issues.
    2. If issues are shown, correct them as indicated. Long issues are easiest to read by hovering over the issue text so that the text is shown as a tooltip.
  12. Click Save.

Next steps

Create Access rules.