Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

security vpn ipsec site-to-site peer <peer> local-address <address>

Specifies the local IP address to be used as the source IP for packets destined for the remote peer.

set security vpn ipsec site-to-site peer <peer> local-address <address>
delete security vpn ipsec site-to-site peer <peer> local-address
show security vpn ipsec site-to-site peer <peer> local-address
peer
Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
address
Mandatory. The local IPv4 or IPv6 address to be used as the source IP for packets destined for the remote peer. If the physical interface has a dynamic IPv4 address, then the local-address must be set to any.

Configuration mode


security {
    vpn {
        ipsec {
            site-to-site {
                peer <peer> {
                    local-address <address>
                }
            }
        }
    }
}

Use this command to specify the local IP address to be used as the source IP address for packets destined for the remote peer.

The address type must match that of the peer. For example, if the peer address is IPv4, then the local-address must also be IPv4.

The local-address must be set to any in cases where the local external IPv4 address is dynamic or unknown; for example, when the address is supplied by a PPPoE connection or DHCP server. If you use an address of any, you must set the local authentication ID using security vpn ipsec site-to-site peer <peer> authentication id <id>.

When the local-address is set to any, the default route is used and the connection will not be automatically updated if the IP address changes (a reset vpn ipsec-peer <peer> is required when the IP address changes). A better alternative for use with DHCP client interfaces is security vpn ipsec site-to-site peer <peer> dhcp-interface <interface>.

Note: The local-address option cannot be used if security vpn ipsec site-to-site peer <peer> dhcp-interface <interface> is also set.

If the VPN tunnel is being clustered for high availability, the local-address attribute must be the cluster IP address, not the IP address configured for the physical interface. Otherwise, the local-address must be the address configured for the physical interface.
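The constraints above (matching address family, any requiring an authentication ID, and no local-address alongside dhcp-interface) can be checked before a configuration is committed. The following is an added example, not Vyatta code: the lint function, the sample addresses, the interface name dp0p1s1 and the ID @branch3 are constructed for illustration, and treating a peer of 0.0.0.0 as exempt from the family check is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

PREFIX = re.compile(r"^set security vpn ipsec site-to-site peer (\S+) (.+)$")

def ip_version(value):
    """Return 4 or 6 for an IP literal; None for hostnames, IDs, 'any', 0.0.0.0."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None
    # Assumption: a peer of 0.0.0.0 is not used for the family comparison.
    return None if addr.is_unspecified else addr.version

def lint(config_text):
    """Return sorted (peer, problem) tuples for the rules stated on this page."""
    peers = defaultdict(dict)
    for line in config_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        peer, rest = m.groups()
        words = rest.split()
        if words[0] == "authentication" and words[1:2] == ["id"]:
            peers[peer]["auth-id"] = words[2] if len(words) > 2 else ""
        elif words[0] in ("local-address", "dhcp-interface") and len(words) > 1:
            peers[peer][words[0]] = words[1]
    problems = []
    for peer, opts in peers.items():
        local = opts.get("local-address")
        if local is not None and "dhcp-interface" in opts:
            problems.append((peer, "local-address set together with dhcp-interface"))
        if local == "any" and not opts.get("auth-id"):
            problems.append((peer, "local-address any without authentication id"))
        pv, lv = ip_version(peer), ip_version(local or "")
        if pv and lv and pv != lv:
            problems.append((peer, "local-address family differs from peer"))
    return sorted(problems)

# Constructed sample: documentation-range addresses, made-up interface and ID.
SAMPLE = """\
set security vpn ipsec site-to-site peer 192.0.2.1 local-address 198.51.100.7
set security vpn ipsec site-to-site peer 192.0.2.2 local-address any
set security vpn ipsec site-to-site peer 192.0.2.3 local-address any
set security vpn ipsec site-to-site peer 192.0.2.3 authentication id @branch3
set security vpn ipsec site-to-site peer 192.0.2.4 local-address 2001:db8::4
set security vpn ipsec site-to-site peer 192.0.2.5 local-address 198.51.100.9
set security vpn ipsec site-to-site peer 192.0.2.5 dhcp-interface dp0p1s1
"""
```

Calling lint(SAMPLE) flags peers 192.0.2.2, 192.0.2.4 and 192.0.2.5 and passes the other two.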

Use the set form of this command to specify the local IP address to be used as the source IP for packets destined for the remote peer.

Use the delete form of this command to remove the local IP address configuration.

Use the show form of this command to view the local IP address configuration.