Configuring Star Site-to-Site VPNs

There are several steps to configuring a star site-to-site VPN.

First, the central hub gateway must be configured with a tunnel connection to every remote gateway. Then, every remote gateway must be configured with a connection back to the central hub.

  1. Create local and remote address objects that you will need during the VPN configuration.

    Adding/Editing IP Address/FQDN Objects

    For information about which address objects are needed, see Example: Star Site-to-Site VPN

  2. Choose which IPsec policy to use when configuring the IPsec VPN connections.

    An IPsec policy is selected when you configure an IPsec VPN connection. You can use the Default IPsec policy, use another existing policy, or add a new IPsec policy.

    Adding an IPsec Policy

  3. On the central hub gateway, set up a connection to each spoke device.

    Adding an IPsec VPN Connection

  4. On each spoke gateway, set up a connection to the hub device.

    Adding an IPsec VPN Connection

  5. Optional: Configure advanced options for site-to-site VPN settings, including dead peer detection and enabling or disabling IKE debugging.

    Configuring Advanced Site-to-Site VPN Settings
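
After steps 3 and 4, it is worth confirming that every hub connection has a matching return connection on its spoke. The following is an added example, not part of the product documentation: it checks a planned star topology for missing connections, unmirrored local/remote networks and mismatched IPsec policies. The data layout, gateway names, subnets and policy names are assumptions made for illustration and do not reflect the product's configuration format.

```python
import ipaddress

# Constructed sample: gateway names, subnets and policy names are illustrative.
HUB = "hub"
SAMPLE = {
    "hub": [
        {"peer": "spoke1", "local": "10.0.0.0/16", "remote": "10.1.0.0/24", "policy": "Default"},
        {"peer": "spoke2", "local": "10.0.0.0/16", "remote": "10.2.0.0/24", "policy": "Default"},
        {"peer": "spoke3", "local": "10.0.0.0/16", "remote": "10.3.0.0/24", "policy": "Default"},
    ],
    "spoke1": [{"peer": "hub", "local": "10.1.0.0/24", "remote": "10.0.0.0/16", "policy": "Default"}],
    "spoke2": [{"peer": "hub", "local": "10.2.0.0/24", "remote": "10.0.0.0/16", "policy": "Custom"}],
    "spoke3": [],  # step 4 was skipped on this gateway
}

def _net(cidr):
    # Normalise so "10.1.0.1/24" and "10.1.0.0/24" compare equal.
    return ipaddress.ip_network(cidr, strict=False)

def check_star(hub, connections):
    """Return (spoke, issue) findings for a hub-and-spoke connection plan."""
    findings = []
    hub_side = {c["peer"]: c for c in connections.get(hub, [])}
    for spoke in sorted((set(connections) | set(hub_side)) - {hub}):
        spoke_conns = connections.get(spoke, [])
        for c in spoke_conns:
            if c["peer"] != hub:  # a star has no spoke-to-spoke tunnels
                findings.append((spoke, "connection to non-hub peer " + c["peer"]))
        out = hub_side.get(spoke)
        back = [c for c in spoke_conns if c["peer"] == hub]
        if out is None:
            findings.append((spoke, "hub has no connection to this spoke"))
        if not back:
            findings.append((spoke, "no connection back to hub"))
        if out is None or not back:
            continue
        ret = back[0]
        # The hub's local network must be the spoke's remote network, and vice versa.
        if _net(out["local"]) != _net(ret["remote"]) or _net(out["remote"]) != _net(ret["local"]):
            findings.append((spoke, "local/remote networks are not mirrored"))
        if out["policy"] != ret["policy"]:
            findings.append((spoke, "IPsec policy differs between hub and spoke"))
    return findings

if __name__ == "__main__":
    for spoke, issue in check_star(HUB, SAMPLE):
        print(f"{spoke}: {issue}")
```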