Chapter 10 Interfaces
ZyWALL/USG Series User’s Guide
343
10.10 VTI
IPsec VPN Tunnel Interface (VTI) encrypts or decrypts IPv4 traffic from or to the interface according
to the IP routing table.
VTI allows static routes to send traffic over the VPN. The IPsec tunnel endpoint is associated with an
actual (virtual) interface. Therefore many interface capabilities such as Policy Route, Static Route,
Trunk, and BWM can be applied to the IPsec tunnel as soon as the tunnel is active
IPsec VTIs simplifies network management and load balancing. Create a trunk using VPN tunnel
interfaces for load balancing. In the following example configure VPN tunnels with static IP
addresses or DNS on both ZyWALL/USGs (or IPSec routers at the end of the tunnel). Also configure
VTI and a trunk on both ZyWALL/USGs.
Figure 241 VTI and Trunk for VPN Load Balancing
10.10.1 Restrictions for IPsec Virtual Tunnel Interface
• IPv4 traffic only
• IPSec tunnel mode only. A shared keyword must not be configured when using tunnel mode.
• With a VTI VPN you do not add local or remote LANs to your VPN configuration.
• For a VTI VPN you should only have one local and one remote WAN.
• A dynamic peer is not supported
• The IPsec VTI is limited to IP unicast and multicast traffic only.
Check Default
Gateway
Select this to use the default gateway for the connectivity check.
Check this
address
Select this to specify a domain name or IP address for the connectivity check. Enter
that domain name or IP address in the field next to it.
Check Port This field only displays when you set the Check Method to tcp. Specify the port
number to use for a TCP connectivity check.
Related Setting
Configure WAN
TRUNK
Click WAN TRUNK to go to a screen where you can configure the interface as part of a
WAN trunk for load balancing.
Configure Policy
Route
Click Policy Route to go to the screen where you can manually configure a policy
route to associate traffic with this bridge interface.
OK Click OK to save your changes back to the ZyWALL/USG.
Cancel Click Cancel to exit this screen without saving.
Table 120 Configuration > Network > Interface > LAG > Add (continued)
LABEL DESCRIPTION
To Next Page
Loading...
