Configuring Full-Mesh Site-to-Site VPNs

There are several steps to configuring a full-mesh site-to-site VPN.

Every gateway must be configured with a tunnel to every other gateway.

  1. Create local and remote address objects that you will need during the VPN configuration.

    Adding/Editing IP Address/FQDN Objects

    For information about which address objects are needed, see Example: Full-Mesh Site-to-Site VPN

  2. Choose which IPsec policy to use when configuring the IPsec VPN connections.

    IPsec policies are selected when configuring an IPsec VPN connection. You can use the Default IPsec policy, use another existing policy, or you can add a new IPsec policy.

    Adding an IPsec Policy

  3. On the central hub gateway, configure a tunnel to every remote gateway.

    Adding an IPsec VPN Connection

  4. On every remote gateway, configure a tunnel to every other remote gateway and back to the central hub.

    Adding an IPsec VPN Connection

  5. Optional: Configure advanced options for site-to-site VPN settings, including dead peer detection and enabling IKE debugging.

    Configuring Advanced Site-to-Site VPN Settings
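
As an added example (not part of the original documentation or the product's own tooling), the following Python check audits a tunnel inventory after steps 3 and 4 to confirm the mesh is complete: every pair of gateways has a tunnel defined on both sides. The inventory format, gateway names, and the "Strong" policy name are constructed, and the check assumes both ends of a tunnel should select the same IPsec policy.

```python
from itertools import combinations

# Constructed inventory (not from the original page): each gateway maps the
# peers it has a tunnel configured to -> the IPsec policy selected for it.
# Gateway names and the "Strong" policy name are hypothetical.
SAMPLE_INVENTORY = {
    "hub":     {"branch1": "Default", "branch2": "Default", "branch3": "Default"},
    "branch1": {"hub": "Default", "branch2": "Default"},
    "branch2": {"hub": "Default", "branch1": "Strong"},
    "branch3": {"hub": "Default", "branch2": "Default"},
}


def expected_tunnel_count(gateway_count):
    """A full mesh of n gateways needs n*(n-1)/2 tunnels."""
    return gateway_count * (gateway_count - 1) // 2


def audit_full_mesh(inventory):
    """Return findings as (kind, gateway_a, gateway_b) tuples.

    For "one-sided", gateway_a has the tunnel defined and gateway_b does not.
    """
    findings = []
    for a, b in combinations(sorted(inventory), 2):
        a_side, b_side = inventory[a].get(b), inventory[b].get(a)
        if a_side is None and b_side is None:
            findings.append(("missing", a, b))
        elif a_side is None:
            findings.append(("one-sided", b, a))
        elif b_side is None:
            findings.append(("one-sided", a, b))
        elif a_side != b_side:
            # Assumption: both ends should reference the same policy.
            findings.append(("policy-mismatch", a, b))
    # Flag tunnels that point at the gateway itself or at an unlisted peer.
    for gateway, peers in sorted(inventory.items()):
        for peer in sorted(peers):
            if peer == gateway or peer not in inventory:
                findings.append(("unknown-peer", gateway, peer))
    return findings


if __name__ == "__main__":
    print("tunnels required:", expected_tunnel_count(len(SAMPLE_INVENTORY)))
    for finding in audit_full_mesh(SAMPLE_INVENTORY):
        print(*finding)
```

An empty result means every gateway pair is covered from both sides; any finding points to the gateway where step 3 or step 4 needs to be revisited.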