Configuration Tasks to Establish a Site-to-Site VPN Tunnel

To establish a site-to-site VPN tunnel, complete the following configuration tasks:

 • Add the subnet IP address objects for your local network and remote network. See Address Management, page 155.

 • (Optional) Import the certificates for authentication between the two peers. Skip this step if you want to use a pre-shared key for authentication. See Managing Certificates for Authentication, page 350.

 • Enable the site-to-site VPN feature on the security appliance. See General Site-to-Site VPN Settings.

 • Configure IKE policies. See Configuring IKE Policies.

 • Configure transform policies. See Configuring Transform Sets.

 • Configure IPsec VPN policies. See Configuring IPsec VPN Policies.

 • (Optional) Check an enabled IPsec VPN policy and click the Connect icon to initiate the VPN connection.

When a site-to-site IPsec VPN policy is in place and enabled, any traffic that matches the policy triggers a connection, and the VPN tunnel is set up automatically. However, for an IPsec VPN policy in which this router’s Remote Network is set to Any (a “site-to-any” tunnel), a connection cannot be set up automatically. Instead, you must establish the VPN connection manually by clicking the Connect icon.

 • View the status and statistics for all IPsec VPN sessions. See Viewing IPsec VPN Status.