Creating or modifying an IPSec interface (VTI)
These interfaces make it possible to set up routed IPSec tunnels. The virtual IPSec interface acts as a traffic endpoint and all packets routed to this interface will then be encrypted. Such configurations may allow, for example, making QoS traffic pass through a dedicated IPSec tunnel: high-priority traffic will then take a specific tunnel while other traffic will go through a second tunnel.
To create or modify a virtual IPSec interface, click on the “IPSec interfaces (VTI)” tab.
|Search||Search that covers interfaces.|
|Add||Adds an “empty” interface. An added interface (sending of a command) is effective only if its fields Name, IP address and Network mask have been entered.|
|Delete||Deletes one or several selected interfaces. Use the keys Ctrl/Shift + Delete to delete several interfaces.|
|Check usage||Represented by the icon , this button indicates whether the selected interface is being used elsewhere in the configuration.|
|Apply||Sends the configuration of the IPSec interfaces.|
|Cancel||Cancels the configuration of the IPSec interfaces.|
Some operations listed in the taskbar can be performed by right-clicking on the table of virtual IPSec interfaces:
- Check usage.
Presentation of the table
The table sets out five fields of information:
|Status||Status of the interfaces: |
|Give the IPSec interface a name.|
|IPv4 address (mandatory),||Enter the IP address assigned to the virtual interface created.|
|IPv4 mask (mandatory),||The default value suggested is 255.255.255.252. Since virtual IPSec interfaces are meant for setting up point-to-point tunnels, a network that allows assigning two addresses is sufficient in theory. This value may however be customized.|
|Protected||Double-click on this cell to modify the interface type:|