Network Security Management Administration Guide

VPN Topology > IPsec VPN Topology > Topologies > Hub and Spoke Topology

Hub and Spoke

Basic Information

Topology Name : Enter a name to identify the Topology.
Description : This field is a mandatory field to move to the next screen. You can enter a short description to identify the topology.
Topology Type : Choose a type from the options :
- Hub and Spoke - The network design where the central device is located.
IP Version : The version of IP that can be used.
- IPV4 - 32-Bit IP address which is numeric.
- IPV6 - 128-Bit IP address which is alpha-numeric.
Policy Type : Type of the policy
- Site to Site - Choose this option if there is a connection between two or more networks
- Tunnel Interface - Choose this option to create connection between peers and Virtual Tunnel Interfaces.

Setup Security Association

Choose a security association from the drop down list.

The list is displayed only if there are any existing security associations available. To know how to add security association, refer Adding Security Association.

Once the security association is selected from the list, two tabs appear which displays the information while creating the security association. For more information on how to add Security Association, refer Security Associations.

Setup Gateway

This screen allows you to add the topology type you selected in the previous screen.

Add Hub

From the Choose devices drop down, select devices that are part of a group. You can also search for the devices or groups in the list by typing the name in the input field.
You can only select the devices that are part of a group.
After selecting a device, you are required to choose the following options
1. Choose Devices - Choose devices from the drop down list.
2. WAN Interface - From the drop down list, select WAN Interface.
3. Primary Gateway - Enter the primary gateway in the text box.
4. Secondary Gateway - Enter the secondary gateway in the text box.
5. Local IKE ID Criteria - Click the radio button to choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.
6. IKE ID - This field is auto-populated and cannot be edited.
7. Protected Networks - From the drop down list, select the network. Click the Edit icon to add or edit Address Object and Group.

Add Spoke

From the Choose devices drop down, select groups or devices by checking the box. You can also search for the devices or groups in the list by typing the name in the input field. Click Apply to select the device. The devices that are selected are displayed in a list.
Hub and Spokes should not have overlapping IP Addresses in any of the fields.
To use the common configuration, click Common Configuration icon.
After selecting the common configuration, you are required to choose the following options :
1. Reference Device - From the drop down list, select the reference device.
2. WAN Interface - Choose WAN interface from the list. The options get enabled only after selecting Reference device.
3. Local IKE ID Criteria - Click the radio button to choose from Firewall ID, IPV4 Address, Domain Name, Key Identifier, and Email Address.
  You can now add or create variable objects in common configuration. Click the variable icon and select new to create a new variable or choose an existing variable.
4. IKE ID - This field is auto-populated and cannot be edited.
5. Local Network - Enter the local network IPV4 address.
6. Check the box to enable or disable auto-increment local network.
To edit the configuration of the device, go to the Action column and select Edit icon.

Summary

This is the last step to create a VPN Topology. It displays the summary of the selected hub and spokes with the Device Name, VPN Interface, Status and Errors. In case if there are any errors, you are required to view and resolve them before adding a topology.

Click Done to finish and exit the wizard or Previous to go back to the previous screen.

< Prev Section

Next Section >