add vpn site
Description
Adds a new remote VPN site for VPN site-to-site.
Syntax
|
Parameters
Parameter | Description |
---|---|
aggressive-mode-DH-group | Determine the strength of the key when aggressive mode is enabled |
aggressive-mode-enable-gateway-id | Indicates if gateway ID matching will be used. This adds a layer of security to aggressive mode. Type: Boolean (true/false) |
aggressive-mode-enable-peer-id | Indicates if peer ID matching will be used. This adds a layer of security to aggressive mode. Type: Boolean (true/false) |
aggressive-mode-enabled | main mode, is used. It is less recommended if the remote site supports IPSec main mode. Type: Boolean (true/false) |
aggressive-mode-gateway-id | The gateway ID that will be used for matching when configured to Type: vpnAggressiveModePeerId |
aggressive-mode-gateway-id-type | Indicates the type of gateway ID that will be used for matching when configured Options: domain-name, user-name |
aggressive-mode-peer-id | The peer ID that will be used for matching when configured to Type: vpnAggressiveModePeerId |
aggressive-mode-peer-id-type | Indicates the type of peer ID that will be used for matching when configured Options: domain-name, user-name |
auth-method | Indicates the type of authentication used when connecting to the remote site. Type: Press TAB to see available options |
disable-nat | Disable NAT for traffic to/from the remote site. Useful when one of the internal networks contains a server. Type: Boolean (true/false) |
enable-perfect-forward-secrecy | Ensures that a session key will not be compromised if one of the (long-term) private keys is compromised in the future. Type: Boolean (true/false) |
enable-permanent-vpn-tunnel | VPN Tunnels are constantly kept active and as a result, make it easier to recognize malfunctions and connectivity problems. Type: Boolean (true/false) |
enabled | Indicates whether or not the remote site is enabled. Type: Boolean (true/false) |
enc-method | Indicates which encryption method is used. Options: ike-v1, ike-v2, prefer-ike-v2 |
enc-profile | Encryption profile (one of predefined profiles or custom). Type: virtual |
is-check-point-site | Enable if the remote site is connected through a Check Point Security Gateway. Type: Boolean (true/false) |
is-site-behind-static-nat | Indicates if the remote site is behind static NAT. Type: Boolean (true/false) |
link-selection-multiple-addrs addr | IP address |
link-selection-probing-method | The type of probing used for link selection when multiple IP addresses are configured for the remote site. Options: ongoing, one-time |
match-cert-dn | Indicates if certificate matching should match the DN string in the certificate to the configured DN string. Type: Boolean (true/false) |
match-cert-dn-string | Indicates the configured DN string for certificate matching. Type: String |
match-cert-e-mail | Indicates if certificate matching should match the E-mail string in the certificate to the configured E-mail string. Type: Boolean (true/false) |
match-cert-e-mail-string | Indicates the configured E-mail string for certificate matching. Type: Email address |
match-cert-ip | Indicates if certificate matching should match IP address in the certificate to the site's IP address. Type: Boolean (true/false) |
name | Site name. Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces |
password | Preshared secret (minimum 6 characters) to be used when authentication method is configured as such. Type: vpnPassword |
phase1-reneg-interval | The period, in minutes, between each IKE SA renegotiation. Type: A number with no fractional part (integer) |
phase2-dh | Determine the strength of the key used for the IPsec (Phase 2) key exchange process. The higher the group number, the stronger and more secure the key is. |
phase2-reneg-interval | The period, in seconds, between each IPSec SA renegotiation. Type: A number with no fractional part (integer) |
remote-site-enc-dom-type | The method of defining the remote site's encryption domain. Options: manually-defined-enc-dom, route-all-traffic-to-site, route-based-vpn, enc-dom-hidden-behind-remote-site |
remote-site-host-name | Indicates the host name of the remote site. Type: An IP address or host name |
remote-site-ip-address | Indicates the IP address of the remote site. Type: IP address |
remote-site-link-selection | Indicates the method of determining the destination IP address/s of the remote site. Type: Press TAB to see available options |
static-nat-ip | Indicates an external routable IP address via static NAT used by the remote site. Type: IP address |
use-trusted-ca | Indicates if a specific trusted CA is used for matching the remote site's certificate or all configured trusted CAs |
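
A pre-deployment check over planned values for the parameters above, as an added example (not Check Point code and not part of the original page). The dict layout, the `review_site` function and the sample values are assumptions; the rules it applies are the ones stated in the parameter descriptions.

```python
import re

# Name rule from the table: begins with a letter, up to 32 characters from
# 0-9, a-z, _ and -, no spaces. Accepting upper case is an assumption.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,31}")

def review_site(params):
    """Return findings for a dict of planned 'add vpn site' parameter values.

    Booleans are the strings "true"/"false". An absent parameter is treated
    as not enabled (assumption: the page does not give appliance defaults).
    """
    def on(key):
        return params.get(key) == "true"

    findings = []
    if not NAME_RE.fullmatch(params.get("name", "")):
        findings.append("name: must begin with a letter, max 32 chars, no spaces")
    if "password" in params and len(params["password"]) < 6:
        findings.append("password: preshared secret is shorter than 6 characters")
    if on("aggressive-mode-enabled"):
        findings.append("aggressive-mode-enabled: less recommended if the remote site supports main mode")
        for kind in ("gateway", "peer"):
            flag = f"aggressive-mode-enable-{kind}-id"
            if not on(flag):
                findings.append(f"{flag}: ID matching is off in aggressive mode")
            elif not params.get(f"aggressive-mode-{kind}-id"):
                findings.append(f"aggressive-mode-{kind}-id: matching is on but no ID is set")
    if not on("enable-perfect-forward-secrecy"):
        findings.append("enable-perfect-forward-secrecy: not enabled")
    for field in ("dn", "e-mail"):
        if on(f"match-cert-{field}") and not params.get(f"match-cert-{field}-string"):
            findings.append(f"match-cert-{field}-string: matching is on but no string is set")
    return findings

# Constructed sample values, not taken from a real appliance.
SAMPLE = {
    "name": "branch office",
    "password": "abc12",
    "aggressive-mode-enabled": "true",
    "aggressive-mode-enable-gateway-id": "true",
    "aggressive-mode-gateway-id": "",
    "enable-perfect-forward-secrecy": "false",
    "match-cert-dn": "true",
}

for finding in review_site(SAMPLE):
    print(finding)
```
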
Example
|