Modifying a Site-To-Site VPN Policy

To modify a site-to-site VPN policy, do the following:

In the Cloud Services Portal, go to VPN Connectivity > Site To Site VPN > Site To Site VPN Policy.
Select the policy you would like to modify, and click Edit.
Make any changes needed in the following fields:
- Description: Enter a description that does not exceed 256 characters in length.
- Type: IPSec the only type available.
- Mode: Auto-detect is the only type available. This field displays the encapsulation mode according to the vendor’s type. You cannot choose or modify the encapsulation mode. Depending on the vendor’s type, this field displays one of the following:
  - Auto-Detect: This is the default mode used when the vendor is Infoblox Service Edge.
  - Transport: The transport encapsulation mode retains the original IP header of the packet, which reflects the original source and destination of the packet. A transport mode–encapsulated datagram is routed in the same manner as the original packet is routed. The transport mode is mostly used in client-to-site VPN scenarios.
  - Tunnel: This is the default mode used when the vendor is Zscaler. The tunnel encapsulation mode encrypts the IP header of the original packet. It builds a new IP header containing the source and destination addresses of the security endpoints. The tunnel mode is used mainly in site-to-site VPN scenarios.
- PSK: Enter the pre-shared key (PSK) for the connection. A PSK is the secret shared between two edges. If you have chosen Zscaler as the vendor, then, while configuring the IPSec VPN in the Zscaler Cloud Portal, you will need to enter the same PSK in the New Pre-Shared Key field of the Add VPN Credentials dialog. For more information, see Configuring IPSec VPN for Zscaler.
Click Save & Close.