
IPsec: Hub and Spoke configuration

Applies to platform: UTM 3.0.5 and later
Last Update: 16 May 2019

OVERVIEW

In this setup we will configure a central hub that lets two spokes communicate with each other. In this sample scenario, we will centralize communication between all sites at the Head Quarter, which will act as the hub. The branch offices will act as spokes and communicate with each other through the Head Quarter.

 

IPsec_2_.png

 

Hub setup (Head Quarter)

Log in to the appliance and, under VPN > IPsec > IPsec, click Add new connection and set up the tunnel for Branch office B as shown below.

Warning

Please set a strong pre-shared key. Do not use the one shown in this article!

datacenter_to_b.png Datacenter_to_B2.png

and press Add.

Add a second tunnel for Branch office A as shown below

datacenter_to_A.png Datacenter_to_B2.png

and press Add.

Add firewall rules under Firewall > VPN Traffic > Add a new VPN firewall rule to allow communication between the branch offices and the Head Quarter. Create a rule to allow traffic from Branch office A to the Head Quarter and Branch office B

mceclip0.png

and press Create rule.

Add a new rule to allow traffic from Branch office B to the Head Quarter and Branch office A

mceclip1.png

and press Create rule.

At this point we will go ahead and configure each branch office.

Branch office A setup (Spoke)

Log in to the appliance and, under VPN > IPsec > IPsec, click Add new connection and set up the tunnel for Branch office B and the Head Quarter as shown below.

branchatodatacenter.png Datacenter_to_B2.png

and press Add.

Add firewall rules under Firewall > VPN Traffic > Add a new VPN firewall rule to allow communication between the branch offices and the Head Quarter. Create a rule to allow traffic from Branch office A to the Head Quarter and Branch office B

mceclip2.png

and press Create rule.

Add a new rule to allow traffic from Branch office B and the Head Quarter to Branch office A

mceclip3.png

and press Create rule.

Branch office B setup (Spoke)

Log in to the appliance and, under VPN > IPsec > IPsec, click Add new connection and set up the tunnel for Branch office A and the Head Quarter as shown below.

branchbtodatacenter.png Datacenter_to_B2.png

and press Add.

Add firewall rules under Firewall > VPN Traffic > Add a new VPN firewall rule to allow communication between the branch offices and the Head Quarter. Create a rule to allow traffic from Branch office B to the Head Quarter and Branch office A

mceclip4.png

and press Create rule.

Create a rule to allow traffic from Branch office A to the Head Quarter and Branch office B

mceclip5.png

and press Create rule.
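
The tunnel subnets for a hub-and-spoke layout can be planned and checked before they are typed into each appliance. The script below is an added example, not Endian's code and not taken from this article's screenshots: the site subnets and every function name are constructed, it assumes policy-based tunnels whose local and remote subnet lists act as traffic selectors, and it generalizes the two-spoke case to any number of spokes.

```python
import ipaddress

# Constructed sample addressing (assumption): the article's real subnets
# appear only in its screenshots.
SITES = {"HQ": "10.0.0.0/24", "A": "10.1.0.0/24", "B": "10.2.0.0/24"}

def plan(sites, hub, transit=True):
    """Return {device: {peer: (local_subnets, remote_subnets)}}.

    transit=True puts the other spokes behind the hub in every selector;
    transit=False models plain site-to-site tunnels (hub subnet only).
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    names = list(nets)
    for i, x in enumerate(names):      # overlapping sites cannot be told apart
        for y in names[i + 1:]:
            if nets[x].overlaps(nets[y]):
                raise ValueError(f"{x} and {y} overlap")
    tunnels = {hub: {}}
    for spoke in (n for n in names if n != hub):
        behind_hub = [nets[n] for n in names
                      if n != spoke and (transit or n == hub)]
        tunnels[hub][spoke] = (behind_hub, [nets[spoke]])    # hub side
        tunnels[spoke] = {hub: ([nets[spoke]], behind_hub)}  # mirrored spoke side
    return tunnels

def matches(selector, src, dst):
    """True if src is in a local subnet and dst is in a remote subnet."""
    local, remote = selector
    return any(src in n for n in local) and any(dst in n for n in remote)

def spoke_to_spoke(tunnels, hub, a, b, src, dst):
    """Check a packet src->dst against the selectors on all four tunnel ends."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (matches(tunnels[a][hub], src, dst)        # leaves spoke a
            and matches(tunnels[hub][a], dst, src)    # arrives at hub from a
            and matches(tunnels[hub][b], src, dst)    # leaves hub towards b
            and matches(tunnels[b][hub], dst, src))   # arrives at spoke b

if __name__ == "__main__":
    for transit in (True, False):
        t = plan(SITES, "HQ", transit)
        ok = spoke_to_spoke(t, "HQ", "A", "B", "10.1.0.10", "10.2.0.20")
        print(f"transit={transit}: A -> B via HQ matched by selectors: {ok}")
```

With `transit=False` the check fails at the first hop, which is the usual symptom when a spoke's remote subnets list only the hub network. The VPN firewall rules described above still have to allow the traffic in addition to the selectors matching.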
