User's Manual Part 3

Adding and Editing VPN Sites

326 Check Point Safe@Office User Guide

In this field… Do this…

Route Based VPN Click this option to create a virtual tunnel interface (VTI) for this site, so

that it can participate in a route-based VPN.

Route-based VPNs allow routing connections over VPN tunnels, so that

remote VPN sites can participate in dynamic or static routing schemes.

This improves network and VPN management efficiency for large

networks.

For constantly changing networks, it is recommended to use a route-based

VPN combined with OSPF dynamic routing. This enables you to make

frequent changes to the network topology, such as adding an internal

network, without having to reconfigure static routes.

OSPF is enabled using CLI. For information on using CLI, see Controlling

the Appliance via the Command Line on page 390. For information on

the relevant commands for OSPF, refer to the Embedded NGX CLI

Reference Guide.

This option is only available for when configuring a Site-to-Site VPN

gateway.

Destination network Type up to three destination network addresses at the VPN site to which

you want to connect.

Subnet mask Select the subnet masks for the destination network addresses.

Note: Obtain the destination networks and subnet masks from the VPN

site’s system administrator.

Backup Gateway Type the name of the VPN site to use if the primary VPN site fails.