Using security policies as a concentrator
To enable communication between two spokes, you need to define an ACCEPT security policy for them. To allow either spoke to initiate communication, you must create a policy for each direction. This procedure describes a security policy for communication from Spoke 1 to Spoke 2. The other policies are similar.
1. Define names for the addresses or address ranges of the private networks behind each spoke. For more information, see “Defining policy addresses”.
2. Go to Policy > Policy > Policy and select Create New.
3. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
4. Enter the settings and select OK.
| Setting | Value |
|---|---|
| Incoming Interface | Select the IPsec interface that connects to Spoke 1. |
| Source Address | Select the address of the private network behind Spoke 1. |
| Outgoing Interface | Select the IPsec interface that connects to Spoke 2. |
| Destination Address | Select the address of the private network behind Spoke 2. |
| Action | Select ACCEPT. |
| Enable NAT | Enable. |
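Because each direction needs its own policy, a missing or non-ACCEPT reverse policy is easy to overlook. The following added example (not part of the original documentation) parses a hub's policy table in CLI form and lists the spoke-to-spoke directions that have no ACCEPT policy. The interface names, address names and the SPOKES inventory are hypothetical, and policies are matched by exact interface and address name only, so address groups or "all" are not expanded.

```python
import shlex
from itertools import permutations

# Constructed sample of a hub's policy table in FortiOS CLI form; interface and
# address names are hypothetical. Policy 2 covers the reverse path but denies it.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "toSpoke1"
        set dstintf "toSpoke2"
        set srcaddr "Spoke1_net"
        set dstaddr "Spoke2_net"
        set action accept
        set nat enable
    next
    edit 2
        set srcintf "toSpoke2"
        set dstintf "toSpoke1"
        set srcaddr "Spoke2_net"
        set dstaddr "Spoke1_net"
        set action deny
    next
end
'''
# Hypothetical inventory: hub IPsec interface -> address name behind that spoke.
SPOKES = {"toSpoke1": "Spoke1_net", "toSpoke2": "Spoke2_net"}

def parse_policies(text):
    """Return one dict per 'edit' block, mapping each 'set' key to its values."""
    policies = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("edit "):
            policies.append({"id": line.split()[1]})
        elif line.startswith("set ") and policies:
            _, key, *values = shlex.split(line)
            policies[-1][key] = values
    return policies

def allows(policy, spokes, src, dst):
    """True if the policy is an ACCEPT from spoke src's network to spoke dst's."""
    want = {"action": "accept", "srcintf": src, "dstintf": dst,
            "srcaddr": spokes[src], "dstaddr": spokes[dst]}
    return all(value in policy.get(key, []) for key, value in want.items())

def missing_directions(policies, spokes):
    """List ordered (src, dst) interface pairs with no ACCEPT policy."""
    return [(s, d) for s, d in permutations(spokes, 2)
            if not any(allows(p, spokes, s, d) for p in policies)]
```

On the constructed sample, `missing_directions(parse_policies(SAMPLE_CONFIG), SPOKES)` reports the Spoke 2 to Spoke 1 direction, because the only policy covering it is a deny.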