How to connect two Branches with a VPN Tunnel

To create an equal (symmetric, non-client-server style) connection between say two branch offices, each having its Internet Gate, set up them as a non-EasyClient client to the other respectively.

Both Internet Gates need to have static global IP addresses.

Both Internet Gates need to have different subnets for ET1.

On both Internet Gates:

1. Make sure the unit has a different subnet for ET1 than at the other (ET1 subnet) end. If needed, change ET1 subnet on the Network Configuration page.
2. Click Add in the VPN Connections field on the IPSec Overview page.
3. On the IPSec Settings page that appears, disable Act as EasyClient .
4. Enter the global IP address of the other Internet Gate in the Remote Gateway IP Address field.
5. Enter the same pre-shared key or certificate.
6. Enter the local subnet used at ET1 behind the other Internet Gate.
7. Click Apply.

Now all PC:s connected to ports ET1/2/3 of one Internet Gate can connect to all PC:s connected to ports ET1/2/3 at the other end. To be able to use port ET4 or AIR the connections need to be tweaked on the advanced pages.

Both Internet Gates must have static IP addresses.