• phase 1 authentication parameters to initiate a connection with the hub

• phase 2 tunnel creation parameters to establish a VPN tunnel with the hub

• a source address that represents the network behind the spoke. This is the only part of the configuration that is different for each spoke.

• a destination address that represents the aggregate protected network

• a security policy to enable communications between the spoke and the aggregate protected network