VPN Tunnel Interfaces

A Virtual Tunnel Interface (VTI) is a virtual interface that is a member of an existing Route-Based VPN tunnel. Each peer Security Gateway has one VTI that connects to the tunnel.

The VPN tunnel and its properties are defined by the VPN community that contains the two Security Gateways. You must define the VPN community and its member Security Gateways before you can create a VTI. To learn more about Route Based VPN, see Route Based VPN in the R80.20 Site to Site VPN Administration Guide.

The procedure for configuring a VTI includes these steps:

1. Make sure that the IPsec VPN Software Blade is enabled on the applicable Security Gateways.

2. Create and configure the Security Gateways.

3. Define the VPN community in SmartConsole that includes the two peer Security Gateways.

4. Make Route Based VPN the default option. Do this procedure one time for each Security Management Server.

5. Define the VTI using the Gaia Portal or Gaia Clish.

6. Define Route Based VPN Rules.

7. Save the configuration and install the policy.

Defining the VPN Community

You must define the VPN Community and add the member Security Gateways to it before you configure a VPN Tunnel Interface. This section includes the basic procedure for defining a Site-to-Site VPN Community. To learn more about VPN communities and their definition procedures, see the R80.20 Site to Site VPN Administration Guide.

To define a VPN Community for Site-to-Site VPN:

1. In SmartConsole, click the VPN Communities tab in the navigation tree.

2. Right-click Site To Site and select New Site To Site > Meshed or Star.

3. In the Community Properties window General tab, enter the VPN community name.

4. Select Accept all encrypted traffic.
   This option automatically adds a rule to encrypt all traffic between Security Gateways in a VPN community.

5. On the Participating Gateways tab, select member Security Gateways from the list.
   For Star VPN communities, use the Center Gateway and Satellite Gateway tabs to do this.

6. Configure other VPN community parameters as necessary.

7. Publish your session.