Site-to-Site VPN Configuration Examples
Focus
Focus
Network Security

Site-to-Site VPN Configuration Examples

Table of Contents

Site-to-Site VPN Configuration Examples

Where Can I Use This?What Do I Need?
  • PAN-OS
No license required
This chapter discusses about some common site-to-site VPN deployments. In a real-time scenario, deployments can have challenges where different sites use different protocols to route the traffic. In the examples, we provide the step-by-step procedure on how to configure the Layer 3 interface on each firewall, create a tunnel interface and attach it to a virtual router and security zone, configure crypto profiles (IKE Crypto profile for phase 1 and IPSec Crypto profile for phase 2), configure IKE gateway, configure IPSec tunnel, and create policy rules to allow traffic between the sites.
  • Site-to-site VPN deployment with static routes—The static routing example deployment consist of different sites that use static routes for routing the traffic. Static routing does not use any protocols.
    Static routes require manual configuration on every router in the network, rather than the firewall entering dynamic routes in its route tables; even though static routes require that configuration on all routers, they may be desirable in small networks rather than configuring a routing protocol.
  • Site-to-site VPN deployment with OSPF—The dynamic routing example deployment where the different sites involved in the deployment use only OSPF for routing the traffic dynamically. Dynamic routing uses various distance vector protocols. OSPF is one of the link state protocols used for dynamic routing to adjust routes.
  • Site-to-site VPN deployment with Static and Dynamic Routing—The deployment where the routing protocol isn’t the same between the sites. In this deployment example, one site uses static routes and the other site uses OSPF.