Editing the VTI network pool

When a route-based VPN topology is being created, the SMC server selects the IP addresses of IPSec VTIs from a private sub-network defined by default.

This sub-network is a reserve of available addresses and must be included in (or equal to) one of these three sub-networks:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

The sub-network suggested by default is 172.25.0.0/16.

This default network pool is the same across all topologies. If necessary, you can edit the global pool, or a pool specific to a topology.

WARNING
If you edit a topology’s network pool of IPSec interfaces after the topology is created and deployed, you should verify the configuration of the interfaces already created on your firewalls.