security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-public-networks <state>
This command is no longer required. Running this command has no effect on the configuration.
A connection to a public network is not allowed (disabled).
- peer
  Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
- tunnel
  Mandatory. Multi-node. An integer that uniquely identifies this tunnel configuration for this peer VPN gateway. Each tunnel corresponds to a distinct connection configuration. The numbers range from 0 through 4294967295.
  A given VPN peer may have more than one tunnel configuration, but each peer must have at least one. To define more than one tunnel configuration for a peer, create multiple tunnel configuration nodes within the peer configuration.
- state
  Allows connections to public IP addresses on a per-tunnel basis. Supported values are as follows:
  enable—Allows connections to public networks.
  disable—Does not allow connections to public networks.
  This option requires that the allow-nat-networks option be enabled, and that allowed NAT networks be specified by using security vpn ipsec nat-networks allowed-network <ipv4net>.
Configuration mode
security {
    vpn {
        ipsec {
            site-to-site {
                peer peer {
                    tunnel tunnel {
                        allow-public-networks state
                    }
                }
            }
        }
    }
}
Use this command to specify whether or not a connection to a public network is allowed.
Use the set form of this command to specify whether or not a connection to a public network is allowed.
Use the delete form of this command to remove the configuration and return it to the default behavior.
Use the show form of this command to view the configuration.
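Because the statement no longer has any effect, a leftover allow-public-networks line (including disable) does not restrict anything and can mislead a configuration review. The following added example, which is not part of the vendor documentation, parses a configuration in the brace layout shown above and lists every tunnel that still carries the statement, along with whether its documented prerequisite was configured. The sample configuration, the addresses, and the placement of allow-nat-networks inside the tunnel node and of nat-networks under ipsec are assumptions.

```python
# Constructed sample (documentation addresses); nat-networks placement is assumed.
SAMPLE = """
security {
  vpn {
    ipsec {
      nat-networks {
        allowed-network 10.0.0.0/8
      }
      site-to-site {
        peer 192.0.2.1 {
          tunnel 1 {
            allow-nat-networks enable
            allow-public-networks enable
          }
          tunnel 2 {
            allow-public-networks disable
          }
        }
      }
    }
  }
}
"""

def parse(text):
    """Turn the brace-delimited tree into nested dicts; leaves become value lists."""
    stack = [{}]
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        else:
            key, _, value = line.partition(" ")
            stack[-1].setdefault(key, []).append(value.strip())
    return stack[0]

def audit(text):
    """Report (peer, tunnel, state, prerequisite_met) for each leftover statement."""
    ipsec = parse(text).get("security", {}).get("vpn", {}).get("ipsec", {})
    nets = ipsec.get("nat-networks", {}).get("allowed-network", [])
    found = []
    for peer, body in ipsec.get("site-to-site", {}).items():
        tunnels = body.items() if peer.startswith("peer ") else ()
        for tunnel, opts in tunnels:
            if tunnel.startswith("tunnel ") and "allow-public-networks" in opts:
                nat_on = opts.get("allow-nat-networks") == ["enable"]
                found.append((peer, tunnel, opts["allow-public-networks"][0],
                              nat_on and bool(nets)))
    return found
```

Each reported tunnel is a candidate for the delete form of the command, since removing the statement does not change behavior.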