Vyatta documentation

security vpn ipsec site-to-site peer <peer> tunnel <tunnel> remote

Defines remote configuration options for the IPsec tunnel.

set security vpn ipsec site-to-site peer peer tunnel tunnel remote [ port port | prefix prefix ]
delete security vpn ipsec site-to-site peer peer tunnel tunnel remote [ port | prefix ]
show security vpn ipsec site-to-site peer peer tunnel tunnel remote [ port | prefix ]
peer
Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
tunnel
Mandatory. Multi-node. An integer that uniquely identifies this tunnel configuration for this peer VPN gateway. Each tunnel corresponds to a distinct connection configuration. The numbers range from 0 through 4294967295.

A given VPN peer may have more than one tunnel configuration, but each peer must have at least one. To define more than one tunnel configuration for a peer, create multiple tunnel configuration nodes within the peer configuration.

port
Applicable only when the protocol is TCP or UDP. The remote port to match. Only traffic from or to this port on the remote subnet will travel through this tunnel. Supported formats are as follows:

port-name—Matches the name of an IP service; for example, http. You can specify any service name in the file /etc/services.

port-num—Matches a port number. The numbers range from 1 through 65535.

The default is all.

prefix
Mandatory. The remote subnet behind the remote VPN gateway, to which the vRouter will have access. For IPv4, the format is an IPv4 network address, where network address 0.0.0.0/0 means any subnet behind the remote VPN gateway. For IPv6, the format is an IPv6 network address, where network address 0::0/0 means any subnet behind the remote VPN gateway.
Note: The address type (IPv4 or IPv6) must match that of the local prefix.

This option is ignored if allowed-nat-networks is enabled.

The default is the subnet of the peer.
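As an added example (not code from the Vyatta documentation or from Vyatta NOS itself), the following Python script parses a constructed set of `set` commands for this node and checks them against the constraints listed above: the remote prefix is mandatory, its address family must match the local prefix, the tunnel number must be an integer from 0 through 4294967295, and a port must be a number from 1 through 65535 or a service name. Service names are resolved with `socket.getservbyname`, which reads /etc/services on Linux; the small fallback service table is an assumption of the example so it runs on hosts without that file, and is not part of the product.

```python
"""Check tunnel local/remote options against the constraints documented for this node.

Added example, not Vyatta code. The set-command lines below are constructed sample input.
"""
import ipaddress
import socket

TUNNEL_MAX = 4294967295  # largest tunnel number the node accepts

# Assumed fallback subset of /etc/services, used only when the host has no services database.
FALLBACK_SERVICES = {"http": 80, "https": 443, "ssh": 22, "isakmp": 500}

SET_PREFIX = ["set", "security", "vpn", "ipsec", "site-to-site", "peer"]


def resolve_port(value):
    """Return the port number for a port-num or port-name; None for the default 'all'."""
    if value == "all":
        return None
    if value.isdigit():
        port = int(value)
        if not 1 <= port <= 65535:
            raise ValueError(f"port number {port} is outside 1 through 65535")
        return port
    try:
        return socket.getservbyname(value)  # looks the name up in /etc/services
    except OSError:
        if value in FALLBACK_SERVICES:
            return FALLBACK_SERVICES[value]
        raise ValueError(f"unknown service name {value!r}")


def parse_set_lines(lines):
    """Group 'set ... peer P tunnel T {local|remote} {prefix|port} V' lines by (peer, tunnel)."""
    tunnels = {}
    for raw in lines:
        tokens = raw.split()
        if len(tokens) != 12 or tokens[:6] != SET_PREFIX or tokens[7] != "tunnel":
            continue  # some other node; ignored here
        peer, tid, side, key, value = tokens[6], tokens[8], tokens[9], tokens[10], tokens[11]
        if side not in ("local", "remote") or key not in ("prefix", "port"):
            continue
        tunnels.setdefault((peer, tid), {}).setdefault(side, {})[key] = value
    return tunnels


def validate_tunnel(tid, opts):
    """Return the list of documented constraints this tunnel's options violate (empty if none)."""
    problems = []
    if not tid.isdigit() or int(tid) > TUNNEL_MAX:
        problems.append(f"tunnel {tid!r} is not an integer in 0 through {TUNNEL_MAX}")
    local = opts.get("local", {})
    remote = opts.get("remote", {})
    if "prefix" not in remote:
        problems.append("remote prefix is mandatory")
    families = {}
    for side, side_opts in (("local", local), ("remote", remote)):
        if "prefix" in side_opts:
            try:
                families[side] = ipaddress.ip_network(side_opts["prefix"], strict=False).version
            except ValueError:
                problems.append(f"{side} prefix {side_opts['prefix']!r} is not a valid network")
        if "port" in side_opts:
            try:
                resolve_port(side_opts["port"])
            except ValueError as exc:
                problems.append(f"{side} port: {exc}")
    # The note above: local and remote prefix must be of the same address type.
    if len(families) == 2 and families["local"] != families["remote"]:
        problems.append("local and remote prefix address families differ (IPv4 vs IPv6)")
    return problems


def validate_config(lines):
    """Map 'peer/tunnel' to its list of problems for every tunnel found in the set lines."""
    return {f"{peer}/{tid}": validate_tunnel(tid, opts)
            for (peer, tid), opts in parse_set_lines(lines).items()}


# Constructed sample: one correct tunnel, one address-family mismatch, one bad port.
SAMPLE_SET_LINES = [
    "set security vpn ipsec site-to-site peer 203.0.113.2 tunnel 1 local prefix 192.0.2.0/24",
    "set security vpn ipsec site-to-site peer 203.0.113.2 tunnel 1 remote prefix 198.51.100.0/24",
    "set security vpn ipsec site-to-site peer 203.0.113.2 tunnel 1 remote port https",
    "set security vpn ipsec site-to-site peer 203.0.113.2 tunnel 2 local prefix 192.0.2.0/24",
    "set security vpn ipsec site-to-site peer 203.0.113.2 tunnel 2 remote prefix 2001:db8:b::/64",
    "set security vpn ipsec site-to-site peer 2001:db8:1::2 tunnel 0 local prefix 2001:db8:a::/64",
    "set security vpn ipsec site-to-site peer 2001:db8:1::2 tunnel 0 remote prefix 0::0/0",
    "set security vpn ipsec site-to-site peer 2001:db8:1::2 tunnel 0 remote port 70000",
]

if __name__ == "__main__":
    for name, problems in validate_config(SAMPLE_SET_LINES).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Running the script reports tunnel 1 as OK, flags tunnel 2 for mixing an IPv4 local prefix with an IPv6 remote prefix, and flags the IPv6 peer's tunnel 0 for a port outside 1 through 65535; the `remote prefix 0::0/0` on that tunnel is accepted as the "any remote subnet" value.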

Configuration mode

security {
    vpn {
        ipsec {
            site-to-site {
                peer peer {
                    tunnel tunnel {
                        remote {
                            port port
                            prefix prefix
                        }
                    }
                }
            }
        }
    }
}

Use this command to define remote configuration options for the IPsec tunnel: the subnet behind the far-end VPN gateway that the tunnel carries traffic for and, optionally, the remote TCP or UDP port to match.

Use the set form of this command to set the remote tunnel characteristics.

Use the delete form of this command to remove remote tunnel configuration.

Use the show form of this command to view remote tunnel configuration.