Update Networking/Sophos/IPSec Site-to-Site VPN Tunnel.md
This commit is contained in:
@ -39,21 +39,21 @@ Navigate to "**Configure > Site-to-Site VPN > Add**"
|
||||
!!! tip "Best Practices - Initiators / Responders"
|
||||
If you have a hub-and-spoke network, where one location acts as a central authority (e.g. domain controllers, auth servers, identity providers, headquarters, etc), you will set up the central "hub" as a VPN responder on its side of the VPN tunnel, and all the remote "spoke" locations would behave as VPN initiators.
|
||||
|
||||
``` mermaid
|
||||
graph TB
|
||||
``` mermaid
|
||||
graph TB
|
||||
Responder((Responder))
|
||||
Initiator1((Initiator 1))
|
||||
Initiator2((Initiator 2))
|
||||
Initiator3((Initiator 3))
|
||||
Initiator4((Initiator 4))
|
||||
Initiator5((Initiator 5))
|
||||
Initiator1((Initiator (Remote Site)))
|
||||
Initiator2((Initiator (Remote Site)))
|
||||
Initiator3((Initiator (Remote Site)))
|
||||
Initiator4((Initiator (Remote Site)))
|
||||
Initiator5((Initiator (Remote Site)))
|
||||
|
||||
Responder --> Initiator1
|
||||
Responder --> Initiator2
|
||||
Responder --> Initiator3
|
||||
Responder --> Initiator4
|
||||
Responder --> Initiator5
|
||||
```
|
||||
```
|
||||
|
||||
!!! note "Tunnel IDs / Subnets"
|
||||
If one side of the tunnel indicates a Local ID, you need to input that as the Remote ID on the other end of the tunnel. While Tunnel IDs are generally optional, if one side uses them, both need to.
|
||||
|
||||
Reference in New Issue
Block a user