Site-to-Site VPN Configuration Examples
| Where Can I Use This? | What Do I Need? |
|---|
This chapter discusses about some common site-to-site VPN deployments. In a
real-time scenario, deployments can have challenges where different sites use different
protocols to route the traffic. In the examples, we provide the step-by-step procedure
on how to configure the Layer 3 interface on each firewall, create a tunnel interface
and attach it to a virtual router and security zone, configure crypto profiles (IKE
Crypto profile for phase 1 and IPSec Crypto profile for phase 2), configure IKE gateway,
configure IPSec tunnel, and create policy rules to allow traffic between the sites.
- Site-to-site VPN deployment with static routes—The static routing example deployment consist of
different sites that use static routes for routing the traffic. Static routing does
not use any protocols.
Static routes require manual configuration on
every router in the network, rather than the firewall entering dynamic routes in
its route tables; even though static routes require that configuration on all
routers, they may be desirable in small networks rather than configuring a
routing protocol.
- Site-to-site VPN deployment with OSPF—The dynamic routing example deployment where the different
sites involved in the deployment use only OSPF for routing the traffic dynamically.
Dynamic routing uses various distance vector protocols. OSPF is one of the link
state protocols used for dynamic routing to adjust routes.
- Site-to-site VPN deployment with Static and Dynamic Routing—The deployment where the routing
protocol isn’t the same between the sites. In this deployment example, one site uses
static routes and the other site uses OSPF.
