set vpn site-to-site

Description

Configure global settings for VPN site to site.

Syntax

set vpn site-to-site

[ default-access-to-lan {accept | block} ]

[ local-encryption-domain {auto | manual} ]

[ manual-source-ip-address <manual-source-ip-address> ]

[ mode {true | false} ]

[ outgoing-interface-selection {routing-table | route-based-probing} ]

[ source-ip-address-selection {automatically | manually} ]

[ track {log | none} ]

[ tunnel-health-monitor-mode {dpd | tunnel-test}]

[ use-dpd-responder-mode {true | false} ]

Parameters

Parameter	Description
default-access-to-lan	Allows (`accept`) or drops (`block`) the traffic from remote VPN sites
local-encryption-domain	Configures the local encryption domain automatically (using the local networks) or manually
manual-source-ip-address	A manually configured source IP address to be used (if configured to) for VPN tunnels
mode	Enables (`true`) or disables (`false`) the Site -to-Site VPN
outgoing-interface-selection	Configures the method, according to which the outgoing interface is selected for VPN traffic: `routing-table` - Selects an outgoing interface based on the routing table `route-based-probing` - Selects an outgoing interface based on the route probing
source-ip-address-selection	Selects whether the source IP address is chosen automatically according to the outgoing interface, or configured manually
track	Enables (`log`) or disables (`none`) the logging of traffic from remote VPN sites
tunnel-health-monitor-mode	Configures the VPN tunnel monitoring mechanism: `dpd` - DPD mode `tunnel-test` - Permanent Tunnel
use-dpd-responder-mode	Selects whether to use the DPD responder mode (`true`) or Permanent Tunnel based on the DPD mode (`false`)

Example

set vpn site-to-site mode true default-access-to-lan block track none local-encryption-domain auto manual-source-ip-address 192.168.1.1 source-ip-address-selection automatically outgoing-interface-selection routing-table use-dpd-responder-mode true tunnel-health-monitor-mode tunnel-test