If you do not want this behavior you will have to create a new rule to allow this traffic which is on more rule than you need if you would have set up a dedicated zone for the VPN tunnel.Īdd the outside interface to the untrusted zone. If you have the VPN zone the same as the outside zone and you implement a policy for your VPN users, by default it will affect the outside users not using the VPN. This is because if you do this, you will have greater flexibility when configuring rules and NAT. You will want to create a zone for the VPN termination and not use an existing zone. Set network interface tunnel units tunnel.77 The logical tunnel interface does not need an IP address unless you want to manage it. This logical interface is where we will terminate the VPN connections on the inside. The same with the physical interface, the tunnel interface will be assigned to a virtual router and zone later. Set network interface ethernet ethernet1/11 layer3 ip 77.6.5.4/24 We'll assign it to the virtual router and zones later. You can choose an already existing interface if configured but the following command assigns an interface with an IP address. The gateway can be any physical interface but it has to be routed and public if it crosses the internet. Once you have an endpoint for Phase 1, you'll need an endpoint for Phase 2 which will be a tunnel interface. You'll need an interface with layer 3 capabilities because this will be your IKE endpoint. First start with Phase 1 or the IKE profile. To create a VPN you need IKE and IPsec tunnels or Phase 1 and Phase 2.
0 kommentar(er)
