Chapter 16 Interfaces
ZyWALL Series CLI Reference Guide
161
16.12 VTI Commands
IPsec VPN Tunnel Interface (VTI) encrypts or decrypts IPv4 traffic from or to the interface according to
the IP routing table.
VTI allows static routes to send traffic over the VPN. The IPsec tunnel endpoint is associated with an
actual (virtual) interface. Therefore many interface capabilities such as Policy Route, Static Route, Trunk,
and BWM can be applied to the IPsec tunnel as soon as the tunnel is active
Create a trunk using VPN tunnel interfaces for load balancing.
16.12.1 Restrictions for IPsec Virtual Tunnel Interface
• IPv4 traffic only
• IPSec tunnel mode only. A shared keyword must not be configured when using tunnel mode.
• With a VTI VPN you do not add local or remote LANs to your VPN configuration.
• For a VTI VPN you should only have one local and one remote WAN.
• A dynamic peer is not supported
• The IPsec VTI is limited to IP unicast and multicast traffic only.
The following table identifies the values required for many of these commands. Other input values are
discussed with the corresponding commands.
Router(config)# show interface lag
No. Name Address type IP address Mode Active Slaves
===============================================================================
1 lag0 static 0.0.0.0 active-backup yes
2 lag1 static 0.0.0.0 802.3ad yes ge3, ge5, ge6
Table 77 Input Values for VTI Interface Commands
LABEL DESCRIPTION
interface_name
VTO interface: lagx, where x is a number from 0 to the maximum number of VPN
connections allowed for your Zyxel Device model.
Ethernet interface: For some Zyxel Device models use gex, x = 1 - N, where N equals the
highest numbered Ethernet interface for your Zyxel Device model.
For other Zyxel Device models use a name such as wan1, wan2, opt, lan1, ext-wlan, or
dmz.
VLAN interface: vlanx, x = 0 - 4094
To Next Page
Loading...
