Create a Site-To-Site VPN using the Advanced Configuration

1. Enter a unique topology Configuration Name. We recommend naming your topology to indicate that it is an FDM-managed devicee VPN, and its topology type.

2. Choose the endpoint devices for this VPN deployment from Devices.

3. If you choose an extranet device, select Static and specify an IP address or select Dynamic for extranet devices with DHCP assigned IP. The IP Address displays the IP address for static interface or DHCP Assigned for the dynamic interface.

4. Choose the VPN Access Interface for the endpoint devices.

1. Select either or both options as appropriate.

   Note	By default, IKEV Version 2 is enabled and the IKEV2 POLICIES.

2. Click the blue plus button and select the IKEv2 policies.

   Click Create New IKEv2 Policy to create new IKEv2 policies. Alternatively, you can go to the CDO navigation bar and click Objects > FDM Objects, then click > IKEv2 Policy. For more information about creating new IKEv2 policies, see the Configuring IKEv2 Policies. To delete an existing IKEv2 Policy, hover-over the selected policy and click the x icon.

3. Click IKE Version 1 to enable it.

4. Click the blue plus button and select the IKEv1 policies. Click Create New IKEv1 Policy to create new IKEv1 policies. Alternatively, you can go to the CDO navigation bar and click Objects > FDM Objects , then click > IKEv1 Policy. For more information about creating new IKEv1 policies, see the Configuring IKEv1 Policies. To delete an existing IKEv1 Policy, hover-over the selected policy and click the x icon.

5. Enter the Pre-Shared Key for the participating devices. Preshared keys are secret key strings configured on each peer in the connection. These keys are used by IKE during the authentication phase.

   • (IKEv2) Peer 1 Pre-shared Key, Peer 2 Pre-shared Key: For IKEv2, you can configure unique keys on each peer. Enter the Pre-shared Key. You can click the Show Override button and enter the appropriate pre-shared for the peer. The key can be 1-127, alphanumeric characters. The following table describes the purpose of the pre-shared key for both peers.

     	Local Pre-shared Key	Remote Peer Pre-shared Key
     Peer 1	Peer 1 Pre-shared Key	Peer 2 Pre-shared Key
     Peer 2	Peer 2 Pre-shared Key	Peer 1 Pre-shared Key

   • (IKEv1) Pre-shared Key: For IKEv1, you must configure the same preshared key on each peer. The key can be 1-127, alphanumeric characters. In this scenario, Peer 1 and Peer 2 use the same pre-shared key to encrypt and decrypt data.

6. Click Next.

For more information on the IPSec settings, see the About IPsec Proposals.

1. Click the blue plus button and select the IKEv2 proposals. To delete an existing IKEv2 Proposal, hover-over the selected proposal and click the x icon.

   Note	Click Create New IKEv2 Proposal to create new IKEv2 proposals. Alternatively, you can go to the CDO navigation bar and click Objects > FDM Objects, then click > IKEv2 IPSec Proposal.

   For more information about creating new IKEv2 policies, see the Configuring IPSec Proposals for IKEv2.

2. Choose the Diffie-Hellman Group for Perfect Forward Secrecy. For more information, see Deciding Which Diffie-Hellman Modulus Group to Use.

3. Click Create VPN.

4. Read the configuration and then click Finish if you're satisfied.

5. Perform the additional mandatory configuration. See Configure networking for protected traffic between the Site-To-Site Peers.