
security vpn ipsec site-to-site peer <peer> tunnel <tunnel> local

Defines local configuration options for the IPsec tunnel.

set security vpn ipsec site-to-site peer peer tunnel tunnel local [ port port | prefix prefix ]
delete security vpn ipsec site-to-site peer peer tunnel tunnel local [ port | prefix ]
show security vpn ipsec site-to-site peer peer tunnel tunnel local [ port | prefix ]
peer
Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
tunnel
Mandatory. Multi-node. An integer that uniquely identifies this tunnel configuration for this peer VPN gateway. Each tunnel corresponds to a distinct connection configuration. The numbers range from 0 through 4294967295.

A given VPN peer may have more than one tunnel configuration, but each peer must have at least one. To define more than one tunnel configuration for a peer, create multiple tunnel configuration nodes within the peer configuration.

port
Applicable only when the protocol is TCP or UDP. The local port to match. Only traffic from or to this port on the local subnet will travel through this tunnel. Supported formats are as follows:

port-name—Matches the name of an IP service; for example, http. You can specify any service name in the file /etc/services.

port-num—Matches a port number. The numbers range from 1 through 65535.

The default is all.

prefix
Mandatory. The local subnet to which the remote VPN gateway will have access. For IPv4, the format is an IPv4 network address, where network address 0.0.0.0/0 means any local subnet. For IPv6, the format is an IPv6 network address, where network address 0::0/0 means any local subnet.
Note: The address type (IPv4 or IPv6) must match that of the remote prefix.

The default is the subnet the local-address is on.

Configuration mode


security {
    vpn {
        ipsec {
            site-to-site {
                peer peer {
                    tunnel tunnel {
                        local {
                            port port
                            prefix prefix
                        }
                    }
                }
            }
        }
    }
}

Use this command to define local configuration options for the IPsec tunnel.

Use the set form of this command to set the local tunnel characteristics.

Use the delete form of this command to remove local tunnel configuration.

Use the show form of this command to view local tunnel configuration.
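
The limits documented above for tunnel, port, and prefix can be checked before a configuration is committed. The following Python check is an added example, not part of the Vyatta documentation or the Vyatta software; the function name check_local_selector, the protocol argument with its default of "all", and the sample service set standing in for /etc/services are assumptions made for illustration.

```python
import ipaddress

TUNNEL_MAX = 4294967295  # tunnel range stated on this page: 0 through 4294967295
SAMPLE_SERVICES = {"http", "https", "ssh"}  # constructed stand-in for /etc/services

def check_local_selector(tunnel, local_prefix, remote_prefix,
                         port="all", protocol="all", services=SAMPLE_SERVICES):
    """Return a list of problems for one tunnel's local settings ([] means OK)."""
    problems = []
    if not (isinstance(tunnel, int) and 0 <= tunnel <= TUNNEL_MAX):
        problems.append("tunnel must be an integer from 0 through 4294967295")
    try:
        # ip_network() is strict by default: it rejects prefixes with host bits set.
        local = ipaddress.ip_network(local_prefix)
        remote = ipaddress.ip_network(remote_prefix)
    except ValueError as exc:
        return problems + [f"invalid prefix: {exc}"]
    # The address type of the local prefix must match that of the remote prefix.
    if local.version != remote.version:
        problems.append("local and remote prefix must both be IPv4 or both be IPv6")
    # 0.0.0.0/0 (or the IPv6 equivalent) means any local subnet: flag it for review.
    if local.prefixlen == 0:
        problems.append("warning: local prefix exposes any local subnet")
    if port != "all":
        if protocol not in ("tcp", "udp"):
            problems.append("port applies only when the protocol is TCP or UDP")
        if str(port).isdigit():
            if not 1 <= int(port) <= 65535:
                problems.append("port number must be from 1 through 65535")
        elif port not in services:
            problems.append(f"unknown service name: {port}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for args in [(1, "192.168.40.0/24", "192.168.60.0/24"),
                 (1, "192.168.40.0/24", "2001:db8::/64"),
                 (2, "0.0.0.0/0", "10.0.0.0/8", 70000, "tcp")]:
        print(args, "->", check_local_selector(*args) or "OK")
```

An empty list means the values satisfy the documented limits; entries that start with "warning:" mark a valid but very broad local prefix that deserves review.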