Adding a VPN Tunnel Interface to a Virtual Device

Description

Virtual Tunnel Interface (VTI) is a virtual interface that is used for establishing a Route-Based VPN tunnel.

This command adds a VTI to an existing Virtual System (VS) object. A Virtual System is a Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway.

The VPN tunnel and its properties are defined by the VPN community that contains both Security Gateways (this Virtual System and the remote peer).

You must define the VPN community and its member Security Gateways before you can create a VTI.

To learn more about Route Based VPN, see the R81 Site to Site VPN Administration Guide > Chapter Route Based VPN.

Syntax

add interface vd <Name of Virtual System Object> vpn_tunnel numbered peer <Name of VPN Peer Object> local <Tunnel Local IP> remote <Tunnel Remote IP> [tunnel_id <Tunnel ID>]

Parameters

vd <Name of Virtual System Object>
  Value: Object name
  Notes: Specifies the name of the Virtual System object, as configured in SmartConsole.
  Mandatory parameter if this is the first command in a transaction.

vpn_tunnel numbered
  Value: Keyword numbered
  Notes: Specifies the type of the VPN tunnel as numbered: the tunnel uses the static IPv4 addresses given by the local and remote parameters. The Syntax line above accepts no other tunnel type for this command.

peer <Name of VPN Peer Object>
  Value: Object name
  Notes: Specifies the name of the remote VPN peer object, as defined in the VPN community in SmartConsole.

local <Tunnel Local IP> remote <Tunnel Remote IP>
  Value: IPv4 addresses
  Notes: Specifies the IPv4 addresses, in dotted-decimal format, of the two VPN tunnel endpoints:
    • local <Tunnel Local IP> - IPv4 address of the VPN tunnel on this Virtual System
    • remote <Tunnel Remote IP> - IPv4 address of the VPN tunnel on the remote VPN peer
  Applies to the Numbered VTI only.

tunnel_id <Tunnel ID>
  Value: Integer
  Notes: Specifies the unique Tunnel ID (integer from 1 to 32768).
  Note - If the specified ID is already used by another VPN tunnel on this VSX Gateway or VSX Cluster Member, this parameter is ignored and the next available ID is used instead. Because this substitution is silent, do not assume the requested ID was assigned; check the ID of the created interface before referencing it elsewhere.

Example - Numbered VTI

vsx_provisioning_tool -o add interface vd vs1 vpn_tunnel numbered peer AWS_Peer local 169.254.46.238 remote 169.254.46.237 tunnel_id 10
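The wrapper below is an added example, not part of this guide or of Check Point's tooling. It validates the parameters described in the table (IPv4 dotted-decimal endpoints, distinct local and remote addresses, tunnel_id within 1 to 32768) and composes the same command line as the example above, so malformed or hostile input is rejected before it reaches the provisioning tool. The object and peer names and the tunnel addresses are reused from the example; the restriction of object names to letters, digits, underscore, hyphen and dot is an assumption of this example, and run_vti_cmd assumes vsx_provisioning_tool accepts the command words as separate arguments after -o, exactly as the example invokes it.

```shell
#!/bin/sh
# Added example (not Check Point code): validate VTI parameters and compose
# the "add interface ... vpn_tunnel numbered ..." command shown in this section.

# Returns 0 if $1 is an IPv4 address in dotted-decimal form, four octets 0-255.
is_ipv4() {
  case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
  saved_ifs=$IFS
  IFS=.
  set -- $1                                    # split into octets
  IFS=$saved_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Prints the validated command on stdout, or returns 2 with a message on stderr.
# Usage: build_vti_cmd <vs> <peer> <local-ip> <remote-ip> [tunnel-id]
build_vti_cmd() {
  vs=$1; peer=$2; local_ip=$3; remote_ip=$4; tunnel_id=${5:-}
  # Object names: letters, digits, '_', '-' and '.' only. This character set is an
  # assumption of the example; it also keeps shell metacharacters out of the command.
  for name in "$vs" "$peer"; do
    case $name in ''|*[!A-Za-z0-9_.-]*)
      echo "build_vti_cmd: invalid object name '$name'" >&2; return 2 ;;
    esac
  done
  is_ipv4 "$local_ip"  || { echo "build_vti_cmd: invalid local IP '$local_ip'" >&2; return 2; }
  is_ipv4 "$remote_ip" || { echo "build_vti_cmd: invalid remote IP '$remote_ip'" >&2; return 2; }
  [ "$local_ip" != "$remote_ip" ] ||
    { echo "build_vti_cmd: local and remote tunnel IPs must differ" >&2; return 2; }
  cmd="add interface vd $vs vpn_tunnel numbered peer $peer local $local_ip remote $remote_ip"
  if [ -n "$tunnel_id" ]; then
    # Tunnel ID is an integer 1-32768 (see the parameter table). The tool silently
    # substitutes the next free ID if this one is taken, so verify after creation.
    case $tunnel_id in *[!0-9]*)
      echo "build_vti_cmd: tunnel_id must be an integer" >&2; return 2 ;;
    esac
    if [ "$tunnel_id" -lt 1 ] || [ "$tunnel_id" -gt 32768 ]; then
      echo "build_vti_cmd: tunnel_id $tunnel_id outside 1-32768" >&2; return 2
    fi
    cmd="$cmd tunnel_id $tunnel_id"
  fi
  echo "$cmd"
}

# Runs the validated command through vsx_provisioning_tool -o, passing each word
# as its own argument as the example in this section does. Only meaningful on a
# VSX Gateway; the validation above never calls it.
run_vti_cmd() {
  cmd=$(build_vti_cmd "$@") || return $?
  set -- $cmd
  vsx_provisioning_tool -o "$@"
}
```

Calling build_vti_cmd vs1 AWS_Peer 169.254.46.238 169.254.46.237 10 prints exactly the example command; run_vti_cmd with the same arguments executes it on the gateway. Validating before invocation matters because the tool itself only reports a used tunnel_id by silently picking another one, and because the object names end up unquoted on a command line.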