Configure a policy-based site-to-site VPN

Configure a policy-based site-to-site VPN to establish secure communication channels between network endpoints. In a policy-based VPN, crypto maps and their access lists define which traffic is protected by each tunnel (rather than routing that traffic into a tunnel interface), and the network topology you choose determines which endpoints are paired.

Procedure


Step 1

Choose Devices > Site To Site. Then click + Site To Site VPN, or edit a listed VPN topology.

Step 2

Enter a unique Topology Name, click the Policy Based (Crypto Map) radio button, and choose the Network Topology for this VPN.

Step 3

Choose the IKE versions to use during IKE negotiations by checking the IKEv1 check box, the IKEv2 check box, or both.

IKEv2 is the default and the preferred choice. Check IKEv1 only if a device in the topology does not support IKEv2; leaving IKEv1 unchecked otherwise avoids negotiating with the older protocol where it is not needed.

You can also configure a backup peer for point-to-point extranet VPNs. For more information, see Firewall Threat Defense VPN endpoint options.

Step 4

Add Endpoints for this VPN deployment by clicking Add (add icon) for each node in the topology.

Configure each endpoint field as described in Firewall Threat Defense VPN endpoint options.

  • For Point to point, configure Node A and Node B.

  • For Hub and Spoke, configure a Hub Node and Spoke Nodes.

  • For Full Mesh, configure multiple Nodes.

Step 5

(Optional) Specify non-default IKE options for this deployment as described in Firewall Threat Defense VPN IKE options.

Step 6

(Optional) Specify non-default IPsec options for this deployment as described in Firewall Threat Defense VPN IPsec options.

Step 7

(Optional) Specify non-default Advanced options for this deployment as described in Firewall Threat Defense advanced site-to-site VPN deployment options and click Save.


The policy-based site-to-site VPN is configured with the specified endpoints, IKE settings, and topology options.
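The following is an added example, not code from Secure Firewall Management Center or from this guide. It models, hypothetically, what the wizard collects in Steps 2 through 4 (nodes with their protected networks and supported IKE versions, plus a topology type) and expands that into the per-node crypto map entries a policy-based VPN needs: the peer address and the local/remote network pairs that form the interesting-traffic access list. It picks IKEv2 wherever both peers support it, and it flags two design errors that otherwise surface only at deployment or as an inactive tunnel: a pair of peers with no IKE version in common, and overlapping protected networks on one node, where only the first matching crypto map entry is used. The node names, addresses and networks are constructed sample data.

```python
"""Pre-deployment checks for a policy-based (crypto map) site-to-site VPN.

Added example with a hypothetical model of the FMC topology wizard input;
not FMC code. It expands a topology into per-node crypto map entries and
reports IKE-version mismatches and overlapping protected networks.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations


@dataclass
class Node:
    name: str
    peer_ip: str            # VPN endpoint (peer) address
    protected: list[str]    # networks behind this node, CIDR strings
    ike: set[str]           # subset of {"ikev1", "ikev2"} the device supports
    role: str = "node"      # "hub" or "spoke" for hub-and-spoke topologies


@dataclass
class CryptoMapEntry:
    peer_ip: str
    local_nets: list[str]
    remote_nets: list[str]
    ike_version: str


def tunnel_pairs(topology: str, nodes: list[Node]) -> list[tuple[Node, Node]]:
    """Node pairs that get a tunnel, per the three topology types in the wizard."""
    if topology == "point-to-point":
        if len(nodes) != 2:
            raise ValueError("point-to-point needs exactly Node A and Node B")
        return [(nodes[0], nodes[1])]
    if topology == "hub-and-spoke":
        hubs = [n for n in nodes if n.role == "hub"]
        spokes = [n for n in nodes if n.role == "spoke"]
        if len(hubs) != 1 or not spokes:
            raise ValueError("hub-and-spoke needs one hub and at least one spoke")
        return [(hubs[0], s) for s in spokes]
    if topology == "full-mesh":
        return list(combinations(nodes, 2))
    raise ValueError(f"unknown topology {topology!r}")


def choose_ike(a: Node, b: Node) -> str | None:
    """Prefer IKEv2 (the default); use IKEv1 only when a peer lacks IKEv2."""
    common = a.ike & b.ike
    if "ikev2" in common:
        return "ikev2"
    if "ikev1" in common:
        return "ikev1"
    return None


def build_crypto_maps(topology: str, nodes: list[Node]):
    """Return ({node_name: [CryptoMapEntry, ...]}, [problem descriptions])."""
    problems: list[str] = []
    maps: dict[str, list[CryptoMapEntry]] = {n.name: [] for n in nodes}
    for a, b in tunnel_pairs(topology, nodes):
        version = choose_ike(a, b)
        if version is None:
            problems.append(f"{a.name}<->{b.name}: no common IKE version")
            continue
        maps[a.name].append(CryptoMapEntry(b.peer_ip, a.protected, b.protected, version))
        maps[b.name].append(CryptoMapEntry(a.peer_ip, b.protected, a.protected, version))

    for name, entries in maps.items():
        # A network cannot be both local and remote on the same tunnel.
        for e in entries:
            for loc in e.local_nets:
                for rem in e.remote_nets:
                    if ip_network(loc).overlaps(ip_network(rem)):
                        problems.append(f"{name}: local {loc} overlaps remote {rem} (peer {e.peer_ip})")
        # Two entries matching one destination: only the first crypto map entry is used.
        for e1, e2 in combinations(entries, 2):
            for r1 in e1.remote_nets:
                for r2 in e2.remote_nets:
                    if ip_network(r1).overlaps(ip_network(r2)):
                        problems.append(
                            f"{name}: remote {r1} (peer {e1.peer_ip}) overlaps {r2} "
                            f"(peer {e2.peer_ip}); first crypto map entry wins")
    return maps, problems


# Constructed sample topology (hypothetical, not from any real deployment).
SAMPLE_NODES = [
    Node("hub", "203.0.113.1", ["10.0.0.0/16"], {"ikev1", "ikev2"}, role="hub"),
    Node("spokeA", "203.0.113.10", ["10.1.0.0/16"], {"ikev2"}, role="spoke"),
    Node("spokeB", "203.0.113.20", ["10.2.0.0/16"], {"ikev1"}, role="spoke"),    # IKEv1-only device
    Node("spokeC", "203.0.113.30", ["10.1.128.0/17"], {"ikev2"}, role="spoke"),  # overlaps spokeA
]

if __name__ == "__main__":
    maps, problems = build_crypto_maps("hub-and-spoke", SAMPLE_NODES)
    for entry in maps["hub"]:
        print(f"hub -> {entry.peer_ip}: {entry.ike_version}, remote {entry.remote_nets}")
    for problem in problems:
        print("PROBLEM:", problem)
```

Run against the sample, the hub gets three crypto map entries (IKEv2 to spokeA and spokeC, IKEv1 to the IKEv1-only spokeB) and one problem is reported: spokeC's 10.1.128.0/17 overlaps spokeA's 10.1.0.0/16 on the hub, so traffic for that half of spokeA's range would be sent to whichever entry is evaluated first. Putting spokeA and spokeB alone into a full mesh reports that they share no IKE version, which is the case Step 3 covers by enabling IKEv1 for the whole topology.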

What to do next

Deploy configuration changes.

Note

Some VPN settings are validated only at deployment time, so confirm that the deployment completed without errors rather than assuming that saving the topology was sufficient.

If you get an alert that the VPN tunnel is inactive even though the VPN session is up, follow the VPN troubleshooting instructions to verify that the tunnel is active and passing traffic.