Update Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md
@ -39,6 +39,22 @@ Navigate to "**Configure > Site-to-Site VPN > Add**"
|
|||||||
!!! tip "Best Practices - Initiators / Responders"
|
!!! tip "Best Practices - Initiators / Responders"
|
||||||
If you have a hub-and-spoke network, where one location acts as a central authority (e.g. domain controllers, auth servers, identity providers, headquarters, etc), you will set up the central "hub" as a VPN responder on its side of the VPN tunnel, and all the remote "spoke" locations would behave as VPN initiators.
|
If you have a hub-and-spoke network, where one location acts as a central authority (e.g. domain controllers, auth servers, identity providers, headquarters, etc), you will set up the central "hub" as a VPN responder on its side of the VPN tunnel, and all the remote "spoke" locations would behave as VPN initiators.
|
||||||
|
|
||||||
|
``` mermaid
|
||||||
|
graph TB
|
||||||
|
Responder((Responder))
|
||||||
|
Initiator1((Initiator 1))
|
||||||
|
Initiator2((Initiator 2))
|
||||||
|
Initiator3((Initiator 3))
|
||||||
|
Initiator4((Initiator 4))
|
||||||
|
Initiator5((Initiator 5))
|
||||||
|
|
||||||
|
Responder --> Initiator1
|
||||||
|
Responder --> Initiator2
|
||||||
|
Responder --> Initiator3
|
||||||
|
Responder --> Initiator4
|
||||||
|
Responder --> Initiator5
|
||||||
|
```
|
||||||
|
|
||||||
!!! note "Tunnel IDs / Subnets"
|
!!! note "Tunnel IDs / Subnets"
|
||||||
If one side of the tunnel indicates a Local ID, you need to input that as the Remote ID on the other end of the tunnel. While Tunnel IDs are generally optional, if one side uses them, both need to.
|
If one side of the tunnel indicates a Local ID, you need to input that as the Remote ID on the other end of the tunnel. While Tunnel IDs are generally optional, if one side uses them, both need to.
|
||||||
|
|
||||||
|
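Review bot: The edges in the added mermaid block run `Responder --> Initiator1` through `Responder --> Initiator5`, which reads as the hub opening the tunnel toward the spokes, while the tip text directly above the diagram says the hub is the responder and the spokes behave as initiators. Reversing the edges (`Initiator1 --> Responder`, and so on for the other four) would make the arrow direction match which side starts the negotiation. If the arrows are only meant to show the hub-and-spoke topology, an edge label or a one-line caption saying so would prevent the diagram from being read as connection direction when someone configures the gateway type on each side.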