As the name implies, a route-based VPN is a connection in which a routing table entry decides whether to route specific IP connections (based on their destination address) into a VPN tunnel or not. This routing statement is placed in the routing table of the firewall/router like any other static/dynamic/connected route.

Along with the basic IPsec settings for the tunnel termination, such as IKE/IPsec crypto profiles and WAN IP addresses, a route-based VPN consists of the following components:

- a virtual tunnel-interface that sends/receives the tunneled traffic,
- a routing statement that routes certain IP destinations into the tunnel with the tunnel-interface as exit interface, and
- a security policy statement based on the zones or addresses which are used by the tunnel-interface.

A route-based VPN does NOT need specific phase 2 selectors/proxy-IDs. They can be ignored since every firewall sets them to ::/0 and 0.0.0.0/0 respectively if not specified otherwise. This single VPN tunnel will have only one phase 1 (IKE) tunnel / security association and again only one single phase 2 (IPsec) tunnel / SA.

Here is an example of a route-based VPN configured on a Palo Alto Networks firewall.
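Independent of the firewall example, the forwarding decision described above can be sketched in a few lines. This is an added example, not from the original post and not PAN-OS configuration: a longest-prefix-match lookup decides whether a destination leaves via the tunnel-interface, and an audit flags protected prefixes that would exit outside the tunnel. The interface names `tunnel.1` and `ethernet1/1`, the prefixes, and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample routing table (not from the original page).
# "tunnel.1" and "ethernet1/1" are hypothetical interface names.
ROUTES = [
    ("0.0.0.0/0", "ethernet1/1"),
    ("10.20.0.0/16", "tunnel.1"),
    ("10.20.99.0/24", "ethernet1/1"),  # more specific route that bypasses the tunnel
    ("2001:db8:20::/48", "tunnel.1"),
    ("::/0", "ethernet1/1"),
]
TUNNELS = ("tunnel.1",)


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, exit interface) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return (str(best[0]), best[1]) if best else None


def is_tunneled(dst, tunnels=TUNNELS, routes=ROUTES):
    """True only if the winning route exits through a tunnel-interface."""
    hit = lookup(dst, routes)
    return hit is not None and hit[1] in tunnels


def audit(protected, tunnels=TUNNELS, routes=ROUTES):
    """List (protected prefix, winning route, interface) cases that skip the tunnel."""
    findings = []
    for p in protected:
        pnet = ipaddress.ip_network(p)
        same = [(ipaddress.ip_network(r), i) for r, i in routes
                if ipaddress.ip_network(r).version == pnet.version]
        # Route that covers the whole protected prefix and wins by prefix length.
        covering = [(n, i) for n, i in same if pnet.subnet_of(n)]
        best = max(covering, key=lambda x: x[0].prefixlen, default=None)
        if best is None or best[1] not in tunnels:
            findings.append((p, str(best[0]) if best else None,
                             best[1] if best else None))
        # More specific non-tunnel routes inside the prefix win for their part.
        for n, i in same:
            if n != pnet and n.subnet_of(pnet) and i not in tunnels:
                findings.append((p, str(n), i))
    return findings
```

Because no proxy-IDs narrow the tunnel, the routing table alone determines what is encrypted, so a check like `audit` is worth running whenever static or dynamic routes change.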