Defining Site elements for VPN gateways
The Site element defines the internal IP addresses that can send or receive traffic through the VPN.
The IP addresses work like routing definitions when the gateway selects which VPN tunnel a packet is sent through. The Site elements must contain the IP addresses of all protected hosts that potentially send or receive VPN traffic through any site-to-site or mobile VPN. IP addresses that are not included in the Site elements are not allowed as source or destination addresses in policy-based VPNs.
By default, each site is included in all VPNs where the gateway is used. You can manually disable individual sites in individual VPNs without affecting other VPNs. It is not possible to partially disable sites. If the IP address space must be different in different VPNs, you need several sites. You can define as many Site elements as you need.