When Domain Based VPN and Route Based VPN are defined for a Security Gateway, Domain Based VPN is active by default. You must do two short procedures to make sure that Route Based VPN is always active.
The first procedure defines an empty encryption domain group for your VPN peer Security Gateways. You do this step one time for each Security Management Server. The second step is to make Route Based VPN the default option for all Security Gateways.
To define an empty group:
Step |
Description |
---|---|
1 |
In the SmartConsole, click Objects menu > More object types > Network Object > Group > click New Network Group. |
2 |
Enter a group name. |
3 |
Do not add members to this group. |
4 |
Click OK. |
To make Route Based VPN the default choice:
Step |
Description |
---|---|
1 |
In SmartConsole, double-click the applicable Security Gateway. |
2 |
In the Gateway pane, click Topology. |
3 |
In the VPN Domain section, select Manually define and then select the empty group you created earlier. |
4 |
Install the Access Policy. |
Do these steps for each Security Gateway.