Large Scale VPN

A VPN that connects branch offices, worldwide partners, remote clients, and other environments can reach hundreds or thousands of peers. A VPN on this scale brings new challenges. For example, when a new peer is deployed in production, you must define the peer and configure the environment again. Every time a new peer is deployed, you must Install Policy on all the Security Gateways.

The Large Scale VPN (LSV) feature addresses these challenges so that you can deploy peers more easily and quickly. LSV is supported in R77.30 and higher.

Configuring LSV

To configure Large Scale VPN:

  1. If necessary, create a Trusted CA object in SmartConsole for the CA server that signs LSV peer certificates.
  2. In SmartConsole, right-click Network Objects > Others and select LSV Profile.
  3. In the Large Scale VPN Properties window > General page, enter a unique name for the LSV Profile.
  4. Select a Certificate Authority (CA) to sign peer certificates from the list.

    A CA can sign for only one LSV profile.

  5. In the VPN tab, add VPN communities.
  6. Optional: In the Advanced tab, define limitations for LSV peers:
    • Limit peer's VPN Domain size - Set the maximum number of IP addresses in the VPN domain.
    • Allow any - All IP addresses can be included in the VPN domain.
    • Restrict to a group or network - Include only the selected groups or networks in the peer domain.
  7. Click OK.

    The LSV Profile is under Network Objects > Interoperable Devices.

    Open SmartDashboard > IPsec VPN > Communities. Double-click the community to which you added the LSV profile, and make sure it is listed with the gateways.

  8. Install policy.
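Before choosing values for the Advanced tab limits in step 6, it helps to audit the VPN domains you plan for each peer against a candidate size limit and a candidate list of permitted networks. The following is an added example, not Check Point code: the peer names, networks and limit are constructed, it handles IPv4 only, and it assumes every address in a CIDR range counts toward the domain size.

```python
import ipaddress

def domain_size(cidrs):
    """Count distinct IPv4 addresses in a VPN domain given as CIDR strings.
    Overlapping or adjacent ranges are merged first so nothing is counted twice."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def check_peer_domain(cidrs, max_size=None, allowed=None):
    """Return a list of violations; an empty list means the domain fits.
    max_size=None means no size limit; allowed=None models 'Allow any'."""
    violations = []
    size = domain_size(cidrs)
    if max_size is not None and size > max_size:
        violations.append(f"domain has {size} addresses, limit is {max_size}")
    if allowed is not None:
        # Merge the permitted list so a range spanning two adjacent entries passes.
        permitted = list(ipaddress.collapse_addresses(
            ipaddress.ip_network(a) for a in allowed))
        for c in cidrs:
            net = ipaddress.ip_network(c)
            if not any(net.subnet_of(p) for p in permitted):
                violations.append(f"{net} is outside the permitted networks")
    return violations

# Constructed sample data: planned peers and candidate limits (hypothetical names).
MAX_SIZE = 512
ALLOWED = ["10.20.0.0/17", "10.20.128.0/17"]   # merges to 10.20.0.0/16
PEERS = {
    "branch-a": ["10.20.1.0/24"],
    "branch-b": ["10.20.2.0/24", "10.20.2.128/25", "10.20.3.0/24"],  # overlap
    "partner-c": ["10.20.4.0/22"],                    # too large
    "kiosk-d": ["10.20.9.0/28", "192.168.1.0/24"],    # one range not permitted
}

def audit(peers, max_size, allowed):
    """Map each peer name to its list of violations."""
    return {name: check_peer_domain(d, max_size, allowed)
            for name, d in peers.items()}

if __name__ == "__main__":
    for name, problems in audit(PEERS, MAX_SIZE, ALLOWED).items():
        print(name, "OK" if not problems else "; ".join(problems))
```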

Monitoring LSV Peers and Tunnels

You can monitor LSV peers on a Security Gateway with the vpn lsv command.

  1. From the Security Gateway command line, run: vpn lsv
  2. Select an option.

    **********     Select Option     **********
    (1)             List all LSV peers
    (2)             Show LSV peer's details
    (3)             Remove an LSV peer
    (4)             Remove all LSV peers
    (Q)             Quit
    *******************************************

You can also monitor LSV tunnels with SmartView Monitor.