VPN Tunnel Interfaces

A Virtual Tunnel Interface (VTI) is a virtual interface that is a member of an existing Route-Based VPN tunnel. Each peer Security Gateway has one VTI that connects to the tunnel.

The VPN tunnel and its properties are defined by the VPN community that contains the two gateways. You must define the VPN community and its member Security Gateways before you can create a VTI. To learn more about Route Based VPN, see Route Based VPN in the R80.10 Site to Site VPN Administration Guide.

The procedure for configuring a VTI includes these steps:

  1. Make sure that the IPsec VPN Software Blade is enabled on the applicable Security Gateways.
  2. Create and configure the Security Gateways.
  3. Define a VPN community in SmartDashboard that includes the two peer Security Gateways.
  4. Make Route Based VPN the default option. Do this procedure one time for each Security Management Server.
  5. Define the VTI using the Gaia Portal, or Gaia Clish.
  6. Define Route Based VPN Rules.
  7. Save the configuration and install the policy.

Defining the VPN Community

You must define the VPN Community and add the member Security Gateways to it before you configure a VPN Tunnel Interface. This section includes the basic procedure for defining a Site to Site VPN Community. To learn more about VPN communities and their definition procedures, see the R80.10 Site to Site VPN Administration Guide.

To define a VPN Community for Site to Site VPN:

  1. In SmartConsole, click the VPN Communities tab in the navigation tree.
  2. Right-click Site To Site and select New Site To Site > Meshed or Star.
  3. In the Community Properties window General tab, enter the VPN community name.
  4. Select Accept all encrypted traffic.

    This option automatically adds a rule to encrypt all traffic between gateways in a VPN community.

  5. On the Participating Gateways tab, select member gateways from the list.

    For star communities, use the Center Gateways and Satellite Gateways tabs to do this.

  6. Configure other community parameters as necessary.
  7. Publish your session.