Vyatta Network OS Documentation


security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-public-networks <state>

This command is no longer required. Running this command has no effect on the configuration.

set security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-public-networks <state>
delete security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-public-networks
show security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-public-networks

By default, a connection to a public network is not allowed (disabled).

peer
Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
tunnel
Mandatory. Multi-node. An integer that uniquely identifies this tunnel configuration for this peer VPN gateway. Each tunnel corresponds to a distinct connection configuration. The numbers range from 0 through 4294967295.

A given VPN peer may have more than one tunnel configuration, but each peer must have at least one. To define more than one tunnel configuration for a peer, create multiple tunnel configuration nodes within the peer configuration.

state
Allows connections to public IP addresses on a per-tunnel basis. Supported values are as follows:

enable—Allows connections to public networks.

disable—Does not allow connections to public networks.

This option requires that the allow-nat-networks option be enabled, and that allowed NAT networks be specified by using security vpn ipsec nat-networks allowed-network <ipv4net>.

Configuration mode


security {
    vpn {
        ipsec {
            site-to-site {
                peer <peer> {
                    tunnel <tunnel> {
                        allow-public-networks <state>
                    }
                }
            }
        }
    }
}

Use this command to specify whether or not a connection to a public network is allowed.

Use the set form of this command to specify whether or not a connection to a public network is allowed.

Use the delete form of this command to remove the configuration and return it to the default behavior.

Use the show form of this command to view the configuration.
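
Because this command no longer has any effect, leftover allow-public-networks statements can be located in an exported configuration and removed with the delete form. The following is an added example, not part of the Vyatta documentation: it assumes the brace layout shown in the configuration statement above and unquoted values, and the sample configuration and function names are constructed for illustration.

```python
# Added example: audit an exported config for leftover allow-public-networks leaves.
# Assumes the brace layout shown in the configuration statement and unquoted values.
PREFIX = ["security", "vpn", "ipsec", "site-to-site"]

# Constructed sample input (documentation address, not from the original page).
SAMPLE_CONFIG = """\
security {
    vpn {
        ipsec {
            site-to-site {
                peer 192.0.2.1 {
                    tunnel 1 {
                        allow-public-networks enable
                    }
                    tunnel 2 {
                        allow-public-networks disable
                    }
                }
            }
        }
    }
}
"""

def find_stale(config_text):
    """Return (peer, tunnel, state) for every allow-public-networks leaf."""
    stack, hits = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):          # node opens: remember its tokens
            stack.append(line[:-1].split())
        elif line == "}":               # node closes
            if not stack:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        else:                           # leaf: build the full path to it
            path = [t for group in stack for t in group] + line.split()
            if (len(path) == 10 and path[:4] == PREFIX and path[4] == "peer"
                    and path[6] == "tunnel" and path[8] == "allow-public-networks"):
                hits.append((path[5], path[7], path[9]))
    if stack:
        raise ValueError("unbalanced opening brace")
    return hits

def cleanup_commands(hits):
    """Build the delete form of the command for each hit."""
    return [f"delete security vpn ipsec site-to-site peer {peer} tunnel {tunnel} "
            "allow-public-networks" for peer, tunnel, _ in hits]
```

Review the generated delete lines before applying them in configuration mode.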