1. Open your browser and enter the URL of the USG on Site A
2. Add a VPN Gateway (Phase 1 Negotiation) under Configuration > VPN > IPSec VPN > VPN Gateway
3. Enter a name for the VPN Gateway object
4. Choose the outgoing interface in “My Address” (i.e. WAN1)
5. Configure the Peer Gateway Address according to the gateway of Site B
6. Enter a preshared key
7. Set the Phase 1 proposals as desired. A good compromise between security and throughput is AES128 encryption, SHA1 authentication and the DH1 key group
8. Add a VPN Tunnel object under Configuration > VPN > IPSec VPN > VPN Connection
9. Select the desired VPN Gateway object and set up the policies. The local policy refers to the local clients that shall be allowed remote access via the IPSec VPN tunnel. The remote policy is the subnet or address range you want to reach via the IPSec VPN connection. You may need to create an address object for the remote network.
10. Select the Phase 2 proposals as desired. In Phase 2, we suggest using AES128 encryption and SHA1 authentication.
12. Open your browser and enter the URL of the USG on Site B
13. Add a VPN Gateway under Configuration > VPN > IPSec VPN > VPN Gateway
14. Set up the local interface, the peer gateway, the preshared key and the Phase 1 proposal settings
15. Add a VPN Tunnel object under Configuration > VPN > IPSec VPN > VPN Connection
16. Tick the “Nailed-Up” option so that the VPN tunnel establishes and connects itself automatically
17. Select the desired VPN Gateway object as well as the local and remote policy
18. Make sure that the Phase 2 proposal settings match those made on the Site A VPN Connection
19. Manually connect the VPN tunnel for the first time. Afterwards, it should rescan connectivity and reconnect automatically.
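Before connecting the tunnel for the first time, the values entered on both sites can be compared offline. The following check is an added example, not ZyXEL code: it verifies that the peer gateways, preshared key, proposals and policies of Site A and Site B line up. The `SiteConfig` field names, addresses and key are constructed placeholders, and `wan_ip` is assumed to be the address of the interface chosen in “My Address”.

```python
import hmac
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class SiteConfig:
    # Field names are hypothetical labels for the GUI values, not ZyXEL identifiers.
    wan_ip: str          # address of the interface chosen in "My Address"
    peer_gateway: str    # Peer Gateway Address
    preshared_key: str
    phase1: tuple        # (encryption, authentication, DH key group)
    phase2: tuple        # (encryption, authentication)
    local_policy: str    # subnet in CIDR notation
    remote_policy: str   # subnet in CIDR notation

def _net(cidr):
    # strict=False also accepts a host address such as 192.168.2.1/24
    return ipaddress.ip_network(cidr, strict=False)

def _norm(proposal):
    return tuple(p.strip().upper() for p in proposal)

def find_mismatches(a, b):
    """List every setting that does not line up between site A and site B."""
    problems = []
    if ipaddress.ip_address(a.peer_gateway) != ipaddress.ip_address(b.wan_ip):
        problems.append("A: peer gateway is not B's WAN address")
    if ipaddress.ip_address(b.peer_gateway) != ipaddress.ip_address(a.wan_ip):
        problems.append("B: peer gateway is not A's WAN address")
    # Constant-time compare; the keys themselves are never added to the report.
    if not hmac.compare_digest(a.preshared_key.encode(), b.preshared_key.encode()):
        problems.append("preshared keys differ")
    if _norm(a.phase1) != _norm(b.phase1):
        problems.append("Phase 1 proposals differ")
    if _norm(a.phase2) != _norm(b.phase2):
        problems.append("Phase 2 proposals differ")
    if _net(a.local_policy) != _net(b.remote_policy):
        problems.append("A local policy is not B remote policy")
    if _net(a.remote_policy) != _net(b.local_policy):
        problems.append("A remote policy is not B local policy")
    if _net(a.local_policy).overlaps(_net(a.remote_policy)):
        problems.append("local and remote subnets overlap")
    return problems

# Constructed sample values (documentation address ranges, placeholder key).
SITE_A = SiteConfig("203.0.113.1", "198.51.100.1", "EXAMPLE-PSK-PLACEHOLDER",
                    ("AES128", "SHA1", "DH1"), ("AES128", "SHA1"),
                    "192.168.1.0/24", "192.168.2.0/24")
SITE_B = replace(SITE_A, wan_ip="198.51.100.1", peer_gateway="203.0.113.1",
                 local_policy="192.168.2.1/24", remote_policy="192.168.1.0/24")

if __name__ == "__main__":
    print(find_mismatches(SITE_A, SITE_B) or "settings match")
```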