Technical Documentation

Preparing Basic VPN Components

After you have determined how you want to configure your VPN, you can begin preparing the components necessary to create it. A VPN combines device-level components (such as devices, zones, and routes) with network-level components (authentication, users, and NAT) to create a secure system of communication. Before you can create a VPN, you must first configure the components that comprise the VPN.

Each VPN type has basic, required, and optional components:

  • Preparing basic VPN components
  • Preparing required policy-based VPN components
  • Configuring required routing-based VPN components
  • Configuring optional VPN components

For mixed-mode VPNs, you must configure all basic and required policy- and route-based components.

Note: For step-by-step instructions on creating VPNs, see the Network and Security Manager Online Help.

To create any type of VPN, ensure that all security devices you want to use in the VPN are managed by NSM and configured correctly.

  • Devices—Add the security devices you want to include in the VPN to NSM, ensuring that all devices are in the same domain. Domain selection is critical when using VPNs: you can create VPNs only between devices within the same domain. If you need to add a device to a VPN in a different domain, you must add the device as an extranet device in the domain that contains the VPN, and then add the extranet device to the VPN.
  • Zones—Configure each security device with at least two zones (trust and untrust); each zone must contain at least one interface (physical or virtual). For details on creating and configuring zones and interfaces, see Configuring Zones and Zone Properties in ScreenOS Devices Overview.

Published: 2009-08-20