Create a Site-To-Site VPN using the Simple Configuration

Procedure


Step 1

In the left pane, choose Secure Connections > Site to Site VPN > ASA & FDM.

Step 2

Click the blue plus button to create a VPN Tunnel.

Note

Alternatively, you can create the Site-to-Site VPN connection from the Security Devices page.

  1. In the left pane, click Security Devices.

  2. Select two FDM-managed devices that you want to configure. If you select an extranet device, specify the extranet device's IP address.

  3. In the right pane, under Device Actions, click Create Site-to-Site VPN.

Step 3

Enter a unique topology Configuration Name. We recommend naming your topology to indicate that it is an FDM-managed device VPN, and its topology type.

Step 4

Choose the endpoint devices for this VPN deployment from Devices.

Step 5

If you choose an extranet device in Peer 2, select Static and specify an IP address, or select Dynamic for extranet devices with a DHCP-assigned IP address. The IP Address field displays the IP address for a static interface or DHCP Assigned for a dynamic interface.

Step 6

Choose the VPN Access Interface for the endpoint devices.

Note

If one or both endpoint devices have dynamic IP addresses, see Configure Site-to-Site VPN Connections with Dynamically-Addressed Peers for additional instructions.

Step 7

Click the blue plus button to add the Protected Networks for the participating devices.

Step 8

(Optional) Select NAT Exempt to exempt the VPN traffic from NAT policies on the local VPN access interface. NAT exemption must be configured manually for individual peers. If you do not want NAT rules to apply to the local network, select the interface that hosts the local network. This option works only if the local network resides behind a single routed interface (not a bridge group member). If the local network is behind more than one routed interface, or behind one or more bridge group members, you must manually create the NAT exempt rules. For information on manually creating the required rules, see Exempting Site-to-Site VPN Traffic from NAT.

Step 9

Click Create VPN, and then click Finish.

Step 10

Perform the additional mandatory configuration. See Configure networking for protected traffic between the Site-To-Site Peers.

The Site-To-Site VPN is configured.