Creating a site-to-site SSL VPN
We want to establish secure, site-to-site VPN tunnels using an SSL connection. This VPN allows a branch office to connect to the head office. Users in the branch office will be able to connect to the head office LAN.
Objectives
When you complete this unit, you’ll know how to do the following:
- Define LANs.
- Add an SSL VPN (Site-to-Site) server connection.
- Download the client configuration file.
- Add an SSL VPN (Site-to-Site) client connection.
- Troubleshoot SSL VPN settings.
Prerequisites
Before getting started, select a firewall to be the server. It is good practice to select the more powerful unit if there is a difference in models. If there is one system with a dynamic IP address and another with a static IP address, use the static IP system.
Define LANs
We create hosts for the head office and branch office networks.
The following steps are executed on the head office firewall.
Add an SSL VPN site-to-site server connection
We create a connection and download the file that will be used to configure the client system.
The following steps are executed on the head office firewall.
Add SSL VPN site-to-site client connection
We use the file that was created on the server to create and configure the client connection.
The following steps are executed on the client firewall.
The new connection appears in the client list. The tunnel is operational when the status indicator shows green.

Troubleshooting VPN settings
- Protocol: This is almost never changed from TCP; the VPN still works over UDP, provided both sides use the same protocol.
- Override hostname: If your system has a hostname that is not publicly routable, add your public IP address here.
- Cryptographic settings: You can alter the cryptographic settings; the tunnel still operates as long as both sides of the tunnel use the same settings.
- Compress SSL VPN traffic: If you would like to compress packets through the tunnel to conserve bandwidth, enable this option.
- Enable debug mode: If you are having difficulties with the connection, you can enable debug mode to output extra information into the log file.
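The two conditions the troubleshooting list keeps coming back to (both sides must use the same protocol and cryptographic settings, and the server must advertise a publicly reachable address) can be checked before anyone digs through debug logs. The script below is an added example, not part of this guide or the firewall's own tooling; the setting names and both sample configurations are constructed stand-ins for the fields described above.

```python
import ipaddress

# Address ranges that a branch office cannot reach over the internet
# (RFC 1918 private, carrier-grade NAT, loopback, link-local).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]

# Settings that must be identical at both ends of the tunnel.
MUST_MATCH = ("protocol", "encryption", "authentication", "key_size", "compression")

# Constructed sample settings (not exported from any real firewall); the key
# names are illustrative stand-ins for the fields in the troubleshooting list.
SERVER_SIDE = {
    "protocol": "TCP",
    "override_hostname": "198.51.100.10",  # documentation range standing in for a public IP
    "encryption": "AES-256-CBC", "authentication": "SHA256",
    "key_size": 2048, "compression": True,
}
CLIENT_SIDE = {
    "protocol": "UDP",                                      # deliberate mismatch
    "encryption": "AES-256-CBC", "authentication": "SHA1",  # deliberate mismatch
    "key_size": 2048, "compression": True,
}


def find_mismatches(server, client):
    """Return {setting: (server_value, client_value)} for each setting that differs."""
    return {k: (server[k], client[k]) for k in MUST_MATCH if server[k] != client[k]}


def is_publicly_routable(address):
    """True if the override hostname is an IP outside the non-routable ranges above.
    A DNS name cannot be checked offline, so None (unknown) is returned for it."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    return not any(ip in net for net in NON_ROUTABLE)


def troubleshoot(server, client):
    """List the problems a mismatched or misaddressed tunnel would show; [] means none found."""
    findings = [f"{k}: server={s!r} client={c!r} (must match on both sides)"
                for k, (s, c) in find_mismatches(server, client).items()]
    if is_publicly_routable(server["override_hostname"]) is False:
        findings.append(f"override hostname {server['override_hostname']} is not reachable "
                        "from the branch office; set the public IP address instead")
    return findings


if __name__ == "__main__":
    for line in troubleshoot(SERVER_SIDE, CLIENT_SIDE):
        print(line)
```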