Network Security Manager On-Premises Administration Guide

Technical Documentation>  VPN Topology>  IPSec VPN Topology>  Topologies>  Adding a VPN Topology>  Adding a Hub and Spoke
Table of Contents

Adding a Hub and Spoke

To add a hub and spoke

  1. Select a device that is part of a group from the Choose devices drop-down menu. You can also search for the device or group in the list by typing the name in the input field.

    You can only select a device that is part of a group.

  2. Enter the Hub details.

    WAN Interface Select a WAN Interface.
    Primary WAN IP Enter the primary gateway in the field.
    Secondary WAN IP Enter the secondary gateway in the field.
    Local IKE ID Criteria

    Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.
    IKE ID

    This field is auto-populated if Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

    Enter the IKE ID if any other option is selected.
    Protected Network/Local Network

    Select a network which will participate in VPN connection from hub side.

    Select an Address Object or Address Group from the drop-down menu. If the list is empty, you can add a new address object and group. Click the Edit icon to add or edit Address Object and Group.

  3. Click the caret icon next to the ADD SPOKE details.

  4. Select devices that are part of a group from the Choose devices drop-down menu and click Apply. You can also search for the devices or groups in the list by typing the name in the input field. The devices that are selected are displayed in a list.

    You can only select the devices that are part of a group.

    Hub and Spokes should not have overlapping IP Addresses in any of the fields.

  5. Select the Configuration Type to be used.

    Common Configuration

    Select this option to apply a common configuration to multiple devices.
    Per Spoke Select this option to apply a configuration to a specific device.

  6. Click the Edit icon in the ACTION column of the selected device if Per Spoke configuration is selected.

  7. Enter the configuration details.

    WAN Interface Select a WAN Interface.
    Local IKE ID Criteria

    Choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.
    IKE ID

    This field is auto-populated if Firewall ID is selected as Local IKE ID Criteria and cannot be edited.

    Enter the IKE ID if any other option is selected.
    Local Network

    Enter the local network IPV4 address.
  8. Check the box to enable or disable auto-increment local network.
  9. Click Accept For All for Common Configuration.
  10. Click Save for Per Spoke.