Configure IKEv2 Traffic Selectors
In IKEv2, you can configure traffic selectors, which are components of network traffic that are used during IKE negotiation. Traffic selectors are used during CHILD_SA creation (tunnel creation, Phase 2) to set up the tunnel and to determine what traffic is allowed through the tunnel. The two IKE gateway peers must negotiate and agree on their traffic selectors; if they do not initially agree, one side narrows its address range to reach agreement. One IKE connection can have multiple tunnels; for example, you can assign a different tunnel to each department to isolate its traffic. Separating traffic this way also allows features such as QoS to be implemented. Use the following workflow to configure traffic selectors.
- Select Network > IPSec Tunnels > Proxy IDs.
- Select the IPv4 or IPv6 tab.
- Click Add and enter the Name in the Proxy ID field.
- In the Local field, enter the Source IP Address.
- In the Remote field, enter the Destination IP Address.
- In the Protocol field, select the transport protocol (TCP or UDP) from the drop-down.
- Click OK.
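
The narrowing described in the opening paragraph can be checked before you commit a proxy ID. The sketch below is an added example, not vendor code: the `ProxyID` class, the `narrow` function and all addresses are hypothetical and constructed, and it models only the Local, Remote and Protocol fields from the workflow above (it ignores the port ranges that IKEv2 traffic selectors also carry).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = 0  # IKEv2 protocol ID 0 means "any protocol"; 6 = TCP, 17 = UDP


@dataclass(frozen=True)
class ProxyID:
    """Hypothetical model of one proxy ID row: Local, Remote, Protocol."""
    name: str
    local: str
    remote: str
    protocol: int = ANY


def _narrow_net(ours: str, theirs: str) -> Optional[str]:
    """CIDR blocks either nest or are disjoint, so keep the smaller or fail."""
    a, b = ipaddress.ip_network(ours), ipaddress.ip_network(theirs)
    if a.version != b.version:
        return None
    if a.subnet_of(b):
        return str(a)
    return str(b) if b.subnet_of(a) else None


def _narrow_proto(ours: int, theirs: int) -> Optional[int]:
    if ours == ANY:
        return theirs
    return ours if theirs in (ANY, ours) else None


def narrow(policy: ProxyID, offer: ProxyID) -> Optional[ProxyID]:
    """Responder side: the peer's Local is our Remote, and vice versa."""
    local = _narrow_net(policy.local, offer.remote)
    remote = _narrow_net(policy.remote, offer.local)
    proto = _narrow_proto(policy.protocol, offer.protocol)
    if local is None or remote is None or proto is None:
        return None  # no overlap: the CHILD_SA cannot be agreed
    return ProxyID(policy.name, local, remote, proto)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    hq = ProxyID("hq-policy", "10.1.0.0/16", "10.2.0.0/16")
    branch = ProxyID("branch", "10.2.5.0/24", "10.1.0.0/16", 6)
    print(narrow(hq, branch))
```

A `None` result is what you get when Local and Remote are not mirrored between the two peers, or when the two sides name different transport protocols.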