We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure VPN GTI Settings for a VPN Service

  • Last updated on

Before adding VPN services to the VPN group you must configure GTI VPN setting for each service. This information is then used by the GTI editor when creating VPN tunnels.

  • Transport Source IP – The IP address the VPN service is listening on.
  • Transport Listening IP – The external IP address the VPN service can be reached at.

In this article:

Step 1. Add the On-premise Networks

Add the on-premise networks you want to make available through the VPN tunnel to the Server Properties.

  1. Open the Server Properties page (Config > Multi-Range > your range your cluster > Virtual Servers > your virtual server).
  2. In the left menu click on Network.
  3. Click Lock.
  4. Enter the local networks you want to be available over the VPN in the Server/GTI Networks table. E.g., 10.0.10.0/25
  5. Click Send Changes and Activate.

Step 2. Configure the VPN GTI Settings

Configure the IP addresses the VPN service is listening on and the IP addresses through which the VPN service can be reached from the outside. Enter all configured IP addresses, you can remove them later when configuring the VPN tunnel in the GTI editor as needed.

  1. Open the VPN GTI Settings page (Config > Multi-Range > your range your cluster > Virtual Servers > your virtual server > VPN Service).
  2. Click Lock.
  3. Select the Transport Source IP:
    • All Service IPs – Use all IP addresses defined in the Service Properties of the VPN service.
    • First-IP – Use the first IP address of the virtual server.  Service Properties of the VPN service must be configured to use the first IP address.
    • Second-IP – Use the second IP address of the virtual server. Service Properties of the VPN service must be configured to use the second IP address.
    • Dynamic (via routing) – Source IP address is chosen via routing lookup. 
    • Explicit – Select Explicit and enter the IP addresses in the Explicit Transport Source IP table.
  4. Select the Transport Listening IP:
    • Use Transport Source IPs – Use all IP addresses defined as a Transport Source
    • First-IP – Use the first IP address of the virtual server.  Service Properties of the VPN service must be configured to use the first IP address.
    • Second-IP – Use the second IP address of the virtual server. Service Properties of the VPN service must be configured to use the second IP address.
    • Dynamic (via routing) – Source IP address is chosen via routing lookup. 
    • Explicit – Select Explicit and enter the IP addresses in the Explicit Transport Listening IP table.

      If you are only using active VPN connections from this VPN service you can disable the Transport Listening IP by entering 127.0.0.1 in the Explicit Transport Listening IP table.

  5. Click Send Changes and Activate.

Next Step

Add the VPN service to a VPN Group and create VPN tunnels using the GTI Editor. For more information, see How to Create a VPN Tunnel with the VPN GTI Editor.

Last updated on