Configuring Peer-to-Peer Site-to-Site VPNs

There are several steps to configuring a peer-to-peer site-to-site VPN.

In the peer-to-peer configuration, a local gateway is connected to a single remote gateway.

  1. Create local and remote address objects that you will need during the VPN configuration.

    Adding/Editing IP Address/FQDN Objects

  2. Choose which IPsec policy to use when configuring the IPsec VPN connections.

    IPsec policies are selected when configuring an IPsec VPN connection.

    You can use the Default IPsec policy, use another existing policy, or add a new IPsec policy.

    Adding an IPsec Policy

  3. On one of the peer devices, set up a connection to the other peer device.

    Adding an IPsec VPN Connection

  4. On the other peer device, set up a connection back to the first device.

    Adding an IPsec VPN Connection

  5. Optional: Configure advanced options for site-to-site VPN settings, including dead peer detection and enabling or disabling IKE debugging.

    Configuring Advanced Site-to-Site VPN Settings
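
Steps 3 and 4 describe the same tunnel from each end, so the two connection definitions should mirror each other: gateways and local/remote address objects swapped, IPsec policy parameters equal. The check below is an added example, not vendor code; the field names, the sample addresses and the one-proposal-per-policy model are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# All field names are hypothetical; map them to the values entered in
# each device's IPsec VPN connection form.
@dataclass
class Connection:
    local_gateway: str
    remote_gateway: str
    local_networks: list    # address objects protected on this side
    remote_networks: list   # address objects reached through the tunnel
    policy: dict            # assumed: a single proposal per IPsec policy

def _nets(values):
    # Normalize so "10.2.0.0/255.255.255.0" and "10.2.0.0/24" compare equal.
    return {ipaddress.ip_network(v, strict=False) for v in values}

def mirror_mismatches(a, b):
    """Return the reasons connections a and b are not mirror images."""
    problems = []
    if a.remote_gateway.lower() != b.local_gateway.lower():
        problems.append("A's remote gateway is not B's local gateway")
    if b.remote_gateway.lower() != a.local_gateway.lower():
        problems.append("B's remote gateway is not A's local gateway")
    if _nets(a.local_networks) != _nets(b.remote_networks):
        problems.append("A's local networks differ from B's remote networks")
    if _nets(a.remote_networks) != _nets(b.local_networks):
        problems.append("A's remote networks differ from B's local networks")
    for key in sorted(set(a.policy) | set(b.policy)):
        if a.policy.get(key) != b.policy.get(key):
            problems.append(
                f"policy '{key}': {a.policy.get(key)} vs {b.policy.get(key)}")
    return problems

# Constructed sample values (documentation address ranges, not from the page).
POLICY = {"encryption": "aes256", "integrity": "sha256", "dh_group": 14}
SITE_A = Connection("198.51.100.1", "203.0.113.1",
                    ["10.1.0.0/24"], ["10.2.0.0/24"], dict(POLICY))
SITE_B = Connection("203.0.113.1", "198.51.100.1",
                    ["10.2.0.0/255.255.255.0"], ["10.1.0.0/24"], dict(POLICY))
# Typical slips: wrong prefix length on the remote network, different DH group.
SITE_B_BAD = Connection("203.0.113.1", "198.51.100.1", ["10.2.0.0/24"],
                        ["10.1.0.0/16"], {**POLICY, "dh_group": 2})

if __name__ == "__main__":
    for name, peer in (("B", SITE_B), ("B (bad)", SITE_B_BAD)):
        print(name, mirror_mismatches(SITE_A, peer) or "mirrored")
```

Running the check on both planned definitions before completing step 4 catches the mismatches that otherwise only show up as a failed negotiation.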