Configure Layer 3 VPN Services

Before you begin

Enable VPN Services for the router in the Router Settings section of the network policy.

About this task

Use this task to configure Layer 3 IPsec VPNs. You can create a Layer 3 VPN Services profile that makes use of all the default settings, choose the VPN gateway and define its external IP address, and configure the default routing policy and any policy exceptions.

Procedure

  1. Select to add a new VPN Service.
  2. Enter a name for this service.
  3. Enter an optional description.
  4. Select either Extreme Networks VPN Gateway or Third Party Gateway.
  5. If you selected Extreme Networks VPN Gateway, configure the following information:
    1. Enter the number of branch sites that you expect will build tunnels to the VPN gateway.
    2. Enter the maximum tunnels per gateway.
    3. Select whether to have VPN tunnel addressing be automatic or use a WAN interface IP address.
    4. Select the add icon below VPN Gateway Settings and then Select a VPN Gateway from the drop-down list.
      The VGVAs that display in this list have been added to the network as Layer 3 VPN gateways. To change a VGVAs setting, go to Manage > Devices.
  6. Select Auto to have IP addresses automatically generated, or WAN Interface IP addresses to use a specific address.
  7. If you selected Third Party Gateway, configure the following information:
    1. Select a vendor from the drop-down list.
    2. Enter the IP address of the third-party VPN gateway.
    3. For the VPN Access List at the bottom of the page,select the plus sign and enter the required source and destination networks in the respective VPN access list text boxes.
  8. Select Generate to create credentials for servers and clients.
  9. For the remaining optional settings see:

Results

After you apply a VPN gateway, ExtremeCloud IQ automatically displays its WAN and LAN IP addresses and whether the VPN gateway uses dynamic routing protocols to learn routes from routing peers on its local network.