03-10-2019 06:44 AM
Hello
I have a question about the configuration of the ipsec tunnel, in the article when the tunnel interface is created
"Optional) If you want to assign an IPv4 address to the tunnel interface, select the IPv4 tab, and Add the IP address and network mask, for example 10.31.32.1/32."
That "Optional" address, what should it be? from my network, anyone?
I also wanted to consult once the monitor profile was created to know if the tunnel is UP or DOWN, when I select "failover". How should the PBF rule be with another ISP? I am looking for the tunnel to be UP in case the principal no longer responds and performs failover.
Could someone explain to me?
Thank you!
03-19-2019 11:26 AM - edited 03-19-2019 11:28 AM
Hi Otakar,
Thanks you so much for your assistance
Really it help me
its necessary the "negate" or if I don't check this happens something?
Thanks for the PBF, then I'll put the IP of the next router there.
03-20-2019 01:43 PM
Hello,
So the Negate translates to "not equal to'. Let ssay you have 192.168.0.0/16 on your internal network. Now lets say you want all traffic 'except' a certain subnet(s). This is where you would use negate so that the rule is 'cleaner'
example:
i dont want the policy to apply to the following subnets: 192.168.199.0/24 and 192.168.66.0/25.
If you were to apply a 'Permit' policy you would have to list out all the subnets except those you dont want. So instead you use the Negate.
What this does is allows all subnets 'Except' the ones listed.
Hope that makes sense.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
