Advanced routing with Route Based VPN Tunnel Interface (5.9.0.x)
12/20/2019 72 21157
With the Route Based VPN approach, network topology configuration is removed from the VPN policy configuration. The VPN policy configuration creates a Tunnel Interface between two end points. Static or Dynamic routes can then be added to the Tunnel Interface. The Route Based VPN approach moves network configuration from the VPN policy configuration to Static or Dynamic Route configuration. Not only does Route Based VPN make configuring and maintaining the VPN policy easier, a major advantage of the Route Based VPN feature is that it provides flexibility on how traffic is routed. With this feature, users can now define multiple paths for overlapping networks over a clear or redundant VPN. Furthermore, the Route Based VPN approach can also be used for Advanced Routing for dynamic routing configured via Dynamic Routing Protocols such as RIP and/or OSPF.
Advanced Routing with Route Based VPN configuration is a two stage process. The first involves creating a Tunnel Interface. Second to create a Tunnel Interface from Network| Interfaces and you can use the Tunnel Interface in Advance Routing thereafter.
The Tunnel Interface is created when a Policy of type Tunnel Interface is added for the remote gateway. The Tunnel Interface must be bound to a physical interface and the IP address of that physical interface is used as the source address of the tunneled packet.
Create VPN policy to type Tunnel Interface.
Select Tunnel Interface from Network | Interfaces.
Create Tunnel Interface for the specified VPN Policy and assign an static IP address. The IP address of that interface is used as the source address of the tunnelled packet and routing updates.
NOTE: The Tunnel Interface will now be part of Network | Interfaces as seen in following as TI2.
Select Advanced Routing in Routing mode and VPN Tunnel Interface TI2 is part of the list to be configured for RIP and/or OSPF.