This article details how to enable site-to-site VPN between two DNAs. Note that you must have several prerequisites established before you can enable site-to-site.
- Both DNAs must have at least one LAN configured
- The subnets cannot overlap
To enable site-to-site VPN:
- Log in to the first DNA and choose the Security tab.
- Select Site-to-Site VPN from the left pane.
- Enable Site-to-Site VPN.
- Under Enable Site-to-Site VPN, select Yes.
- Under Connection Mode, select the desired connection mode for this DNA. Note: if this DNA is currently on failover, you must select the Outbound connection.
- From the Remote DNA drop-down menu, select the remote DNA that you would like to establish the site-to-site VPN connection with. Then click Save Changes.
- Log in to the second DNA and repeat steps 2 and 3 with one difference: the Connection Mode for the second DNA should be different from the first. For example, if you set the first DNA to Outbound, then you must set the second DNA to Inbound.