Creating or modifying an IPsec interface (VTI)
These interfaces make it possible to set up routed IPsec tunnels. The virtual IPsec interface acts as a traffic endpoint and all packets routed to this interface will then be encrypted. Such configurations may allow, for example, making QoS traffic pass through a dedicated IPsec tunnel: high-priority traffic will then take a specific tunnel while other traffic will go through a second tunnel.
To create or modify a virtual IPsec interface, click on the “IPsec interfaces (VTI)” tab.
Button bar
| Search | Search that covers interfaces. |
| Add | Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address and Network mask have been entered. |
| Delete | Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces. |
| Check usage | Represented by the icon  , this button indicates whether the selected interface is being used elsewhere in the configuration. |
| Apply | Sends the configuration of the IPsec interfaces. |
| Cancel | Cancels the configuration of the IPsec interfaces. |
Interactive features
Some operations listed in the taskbar can be performed by right-clicking on the table of virtual IPsec interfaces:
- Add,
- Delete,
- Check usage.
Presentation of the table
The table sets out five fields of information:
| Status | Status of the interfaces:
|
Name (mandatory) | Give the IPsec interface a name. NOTE |
| IPv4 address (mandatory), | Enter the IP address assigned to the virtual interface created. |
| IPv4 mask (mandatory), | The default value suggested is 255.255.255.252. Since virtual IPsec interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized. |
| Protected | Double-click on this cell to modify the interface type:
|
Comments (optional) | Any text. |
Enabled: Double-click to enable the created interface. 
Disabled: The interface is not in operation. The line will be grayed out in order to reflect this.