Creating and monitoring VPN tunnels

In SMC, you can create and manage site-to-site IPsec VPN topologies that connect private networks securely through a public network. VPN topologies can be configured based on policies or routes:

  • A policy-based VPN tunnel links firewall-protected networks or sub-networks to one another, and encrypts and encapsulates traffic between these networks. These networks are described in a policy. Such topologies are used in the standard operating mode.
  • A route-based VPN tunnel uses IPsec virtual tunnel interfaces (VTIs) to link firewalls to one another. These interfaces are considered input and output points for the traffic passing through the tunnel and this traffic is defined by routes.

In both cases, either star or mesh topologies can be used.

SMC 3 Version does not support VPN topologies in IPv6. If a topology includes network objects in IPv6, they will be ignored during deployment. If a topology relies on network objects with a dual IPv4/IPv6 configuration, only the configuration in IPv4 will be applied and the IPv6 configuration ignored.

Refer to the following sections to create policy-based or route-based VPN topologies.