Give VPN access to more hosts in policy-based VPNs
If you want to give access to hosts with IP addresses that are not already configured for your policy-based VPN, you must follow several general steps.
Note: In route-based VPNs, it is not necessary to change the VPN configuration to allow access through the VPN for more hosts. Any traffic that is routed to a tunnel interface and allowed by the Access rules automatically uses the route-based VPN tunnel.
Steps
- Make sure that the IP addresses are included in one of the Sites of the correct VPN gateway. If the IP addresses must not be included in other VPNs where the same gateway element is used, add them to a separate Site. Disable the Site in other VPNs.
- (VPN with external gateways) Add the new IP addresses to the configuration of the external gateway device, so that it routes the traffic through the VPN.
- Check that the Access rules of all gateways involved specify that this traffic is sent or allowed through the policy-based VPN. If NAT is enabled in the policy-based VPN, also check the NAT rules.
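The Site check in the first step can be rehearsed offline before the change is made. The following is an added example, not code from the product or its documentation: the `SITES` and `VPNS` structures, all names, and all addresses are constructed for illustration and do not represent an export format. It reports whether each new host is covered by an enabled Site in the intended VPN only, or also in other VPNs that use the same gateway.

```python
import ipaddress

# Constructed sample data (hypothetical model, not a product export):
# each Site belongs to one gateway, lists its networks, and names the
# VPNs in which it has been disabled.
SITES = [
    {"gateway": "HQ-GW", "name": "HQ-LAN", "networks": ["10.1.0.0/16"],
     "disabled_in": []},
    {"gateway": "HQ-GW", "name": "HQ-Lab", "networks": ["10.9.8.0/24"],
     "disabled_in": ["Partner-VPN"]},
]
# VPN name -> gateways that take part in it (constructed).
VPNS = {
    "Branch-VPN": ["HQ-GW", "Branch-GW"],
    "Partner-VPN": ["HQ-GW", "Partner-GW"],
}


def exposure(host, gateway, sites=SITES, vpns=VPNS):
    """Return the sorted VPN names in which an enabled Site of `gateway` covers `host`."""
    addr = ipaddress.ip_address(host)
    found = set()
    for site in sites:
        if site["gateway"] != gateway:
            continue
        if not any(addr in ipaddress.ip_network(n) for n in site["networks"]):
            continue
        # A Site is active in every VPN of its gateway unless disabled there.
        for vpn, members in vpns.items():
            if gateway in members and vpn not in site["disabled_in"]:
                found.add(vpn)
    return sorted(found)


def audit(hosts, gateway, intended_vpn, sites=SITES, vpns=VPNS):
    """Map each host to 'ok', 'missing' (not in the intended VPN) or 'overexposed'."""
    report = {}
    for host in hosts:
        seen = exposure(host, gateway, sites, vpns)
        if intended_vpn not in seen:
            report[host] = "missing"
        elif seen != [intended_vpn]:
            report[host] = "overexposed"  # also reachable through another VPN
        else:
            report[host] = "ok"
    return report
```

A result of `overexposed` corresponds to the case the first step describes: the address sits in a Site that is still enabled in another VPN and should be moved to a separate Site that is disabled there.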