security vpn ipsec site-to-site peer <peer> local-address <address>
Specifies the local IP address to be used as the source IP for packets destined for the remote peer.
- peer: Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
- address: Mandatory. The local IPv4 or IPv6 address to be used as the source IP for packets destined for the remote peer. If the physical interface has a dynamic IPv4 address, then the local-address must be set to any.
Configuration mode
security {
    vpn {
        ipsec {
            site-to-site {
                peer peer {
                    local-address address
                }
            }
        }
    }
}
Use this command to specify the local IP address to be used as the source IP address for packets destined for the remote peer.
The address type must match that of the peer. For example, if the peer address is IPv4, then the local-address must also be IPv4.
The local-address must be set to any in cases where the local external IPv4 address is dynamic or unknown; for example, when the address is supplied by a PPPoE connection or DHCP server. If you use an address of any, you must set the local authentication ID using security vpn ipsec site-to-site peer <peer> authentication id <id>.
When the local-address is set to any, the default route is used and the connection will not be automatically updated if the IP address changes (a reset vpn ipsec-peer <peer> is required when the IP address changes). A better alternative for use with DHCP client interfaces is security vpn ipsec site-to-site peer <peer> dhcp-interface <interface>.
If the VPN tunnel is being clustered for high availability, the local-address attribute must be the cluster IP address, not the IP address configured for the physical interface. Otherwise, the local-address must be the address configured for the physical interface.
Use the set form of this command to specify the local IP address to be used as the source IP for packets destined for the remote peer.
Use the delete form of this command to remove the local IP address configuration.
Use the show form of this command to view the local IP address configuration.
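The rules above (matching address families, and an authentication ID whenever local-address is any) can be checked mechanically before a commit. The following is an added example, not part of the product documentation: the function names, the sample peers and the ID @branch4 are constructed for illustration, and it assumes the configuration is available as a list of set commands.

```python
import ipaddress
import re

# Constructed sample configuration (documentation addresses, hypothetical ID).
SAMPLE = """\
set security vpn ipsec site-to-site peer 192.0.2.1 local-address 198.51.100.7
set security vpn ipsec site-to-site peer 192.0.2.2 local-address 2001:db8::7
set security vpn ipsec site-to-site peer 192.0.2.3 local-address any
set security vpn ipsec site-to-site peer 192.0.2.4 local-address any
set security vpn ipsec site-to-site peer 192.0.2.4 authentication id @branch4
"""

PEER_RE = re.compile(r"^set security vpn ipsec site-to-site peer (\S+) (.+)$")

def ip_version(text):
    """Return 4 or 6 for an IP literal, None for hostnames, IDs or 'any'."""
    try:
        return ipaddress.ip_address(text).version
    except ValueError:
        return None

def audit(config):
    """Return sorted (peer, finding) tuples for the local-address rules."""
    peers = {}
    for line in config.splitlines():
        m = PEER_RE.match(line.strip())
        if not m:
            continue
        peer, rest = m.groups()
        entry = peers.setdefault(peer, {"local": None, "auth_id": False})
        words = rest.split()
        if words[0] == "local-address" and len(words) == 2:
            entry["local"] = words[1]
        elif words[:2] == ["authentication", "id"] and len(words) == 3:
            entry["auth_id"] = True
    findings = []
    for peer, e in peers.items():
        local = e["local"]
        if local is None:
            continue  # no local-address line seen for this peer
        if local == "any":
            # 'any' requires a local authentication ID to be configured.
            if not e["auth_id"]:
                findings.append((peer, "local-address any without authentication id"))
        elif ip_version(local) is None:
            findings.append((peer, "local-address is not an IP address or 'any'"))
        elif ip_version(peer) not in (None, ip_version(local)):
            # Peer is an IP literal of the other family (hostnames/IDs are skipped).
            findings.append((peer, "address family differs from peer"))
    return sorted(findings)
```

Calling audit(SAMPLE) reports peer 192.0.2.2 (IPv6 local-address against an IPv4 peer) and peer 192.0.2.3 (any with no authentication ID); the check does not cover the clustering rule, which depends on addresses outside this command.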