A route-based VPN (also known as. tunnel interface VPN) rather than a site to site one. Both establish a secure tunnel between appliances. However, a route policy controls traffic through the tunnel. This gives you more control over the services (ports), you want to open, as well as redundancy to reroute traffic in the event of an outage between the appliances.
Let’s say that you have constructed tunnel interfaces between three locations: New York City, Los Angeles, Houston. Each site has its own route policies. You must create a backup policy to reroute traffic if the tunnels are damaged. Consider the following scenario: Although the New York tunnel interface to Los Angeles is down, the interfaces between New York City and Houston and Los Angeles remain up. You can reroute traffic via Houston from New York to Los Angeles. This can be done by creating a second route policy in New York that uses a different metric and whose destination network remains Los Angeles. You must first select the Tunnel Interface policy that sends traffic from Houston. Houston, realizing that Los Angeles is the destination network, will use its tunnel from Houston to route traffic. The same thing happens for traffic from Los Angeles to New York.
Site-to-site VPNs do not provide this type of redundancy as the network configuration is done in the policy. Tunnel interface transfers that configuration from the source network to the destination network to a route rule. Tunnel interface can also turn on advanced routing. This uses either RIP routing protocols or OSPF routing protocols. Advanced routing can be checked in the Policy tab of a tunnel interface policy. Once you have turned that on, you can switch to Advanced Routing in the Network Routing window. You will see the tunnel policy. This will allow you turn on RIP (a distance vector routing protocol which uses the shortest route between points) or OSPF (a link state routing protocol that uses a metric to determine the best route between points). Once RIP and OSPF are configured, appliances will advertise their routes to one another, which eliminates the need to create static route policies between tunnel interface VPNs. It will be dynamic, which is a distinct advantage over site to site.
These skills can be developed in the following courses
SNSA – SonicWall Network Security Administration
SonicWall Network Security Professionals (SNSP).
Network Administrator Essentials
How to configure redundant routes in route-base VPNs
SonicWall’s How Do I Configure a Tunnel Interface VPN (Route Based VPN) provides detailed information on how to configure redundant routes. article.
How to configure OSPF
SonicWall’s Configuring Dynamic Routing Based VPN Using OSPF (Tunnel InterfaceVPN With Advanced Routing Article) article.
Trending Articles
15 Top-Paying Certifications
The Best Cloud Certifications You Should Pursue
12 Challenges Facing IT Professionals
The Three Types of Multi-Factor Authentication (MFA).
For IT professionals, certification value continues to grow
View All Articles
Delivery Formats
Classroom Live
Virtual Classroom Live
Blended Life
On-Demand
Private Group Training
View All Delivery Formats