Configuring a Site-to-Site VPN with ESG firewall

Summary

This article covers the configuration of a site-to-site VPN link between two ESG firewalls using OpenVPN.

A site-to-site VPN links two remote networks as if they were directly connected, even if these networks are many hops apart across an untrusted circuit such as the Internet.

The clients behind the ESG firewalls at both ends need to know nothing about the VPN connection and will be able to access both the local network and the remote network (the one behind the remote firewall).

Prerequisites

Before starting, the following must be complete:

  • The firewalls at both sites must be configured and working properly.
  • The two locations must NOT have overlapping LAN IP subnets. For example, the LAN behind FW-1 (e.g. 192.168.1.0) should be different from the LAN behind FW-2 (e.g. 192.168.2.0). This is not a limitation of the ESG firewall but of basic IP routing.
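
A pre-flight check for the overlap prerequisite above, as an added example that is not part of the original article or of the ESG product. The /24 and /22 prefix lengths are assumptions (the article gives no masks), and the function name find_overlaps is hypothetical. It shows that two LANs with different network addresses can still overlap when one mask is wider.

```python
import ipaddress
from itertools import combinations


def find_overlaps(sites):
    """Return LAN pairs from *different* sites whose address ranges overlap.

    sites: dict mapping a site/firewall name to a list of CIDR strings.
    Result: list of (site_a, net_a, site_b, net_b) tuples, empty if clean.
    """
    nets = []
    for site, cidrs in sites.items():
        for cidr in cidrs:
            # strict=False accepts an interface address such as 192.168.1.1/24
            # and normalises it to the network it belongs to.
            nets.append((site, ipaddress.ip_network(cidr, strict=False)))

    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(nets, 2):
        if site_a == site_b:
            continue  # subnets behind the same firewall are not our concern here
        if net_a.version != net_b.version:
            continue  # IPv4 and IPv6 ranges cannot collide
        if net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return conflicts


if __name__ == "__main__":
    # Constructed sample data; prefix lengths are assumed, not from the article.
    plans = {
        "article example": {"FW-1": ["192.168.1.0/24"], "FW-2": ["192.168.2.0/24"]},
        "wide mask at FW-2": {"FW-1": ["192.168.1.0/24"], "FW-2": ["192.168.0.0/22"]},
    }
    for name, plan in plans.items():
        found = find_overlaps(plan)
        if not found:
            print(f"{name}: OK, no overlapping LAN subnets")
        for site_a, net_a, site_b, net_b in found:
            print(f"{name}: CONFLICT {site_a} {net_a} overlaps {site_b} {net_b}")
```
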

Configuring the VPN Tunnel

@ Site A

Skip the steps below if you have already configured your OpenVPN settings.

Log in to your FW at site 1 and click on VPN Server -> OpenVPN configuration.

Define the FW VPN settings: