---
title: "Tunnel sub-tab"
slug: "tunnel-sub-tab"
updated: 2025-01-07T11:16:31Z
published: 2025-01-07T11:16:31Z
canonical: "docs.zpesystems.com/tunnel-sub-tab"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zpesystems.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Tunnel sub-tab

The main table displays available tunnels. ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/vpn-ipsec.png)

### Add New Tunnel

1. Go to *Network :: VPN :: IPsec :: Tunnel*.
2. Click **Add** (displays dialog). ![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/add-new-tunnel.png)
3. Enter **Name.**
4. On **Initiate Tunnel** drop-down, select one (Start, Ignore, On-Demand)
5. On **IKE Profile** drop-down, select one (Cisco_ASA, PaloAlto, nodegrid)
6. (optional) On **Custom Up/Down Script** drop-down, select one (this customized script can set configuration changes and activities, when the tunnel is up or down).
7. In *Authentication Method*menu, select either of the following options.
  1. **Pre-Shared Key** radio button (expands dialog). Enter **Secret**.
  2. **RSA Key** radio button (expands dialog):

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678715598439.png)
    - **Left Public Key**
    - **Right Public Key**
    - **Generate Left Public Key**
  3. **Certificate:**Allows you to set up a tunnel using certificates as the authentication method. This involves using certificates configured under the **Security**:: **Certificates** page.

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1706264903345.png)
    1. **Left Certificate**: Choose the necessary certificate for the sides that are connected to your tunnel.
    2. **Right Certificate**: Select a value when you intend to establish a side-to-side configuration with up to two nodes. In cases where there are more than two nodes, you should not enter any value into this field.
8. In the *Local*menu, enter:
  1. **Left ID**
  2. **Left Address** drop-down, select one (selection depends on the system configuration)
  3. **Left Source IP Address**
  4. **Left Subnet**
9. In the *Remote*menu, enter:
  1. **Right ID**
  2. **Right Address**
  3. **Right Source IP Address**
  4. **Right Subnet**
10. (optional) In the *Monitoring* menu, select **Enable Monitoring**checkbox (expands dialog).

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678715906125.png)
  1. **Source IP Address**(ping from)
    - **Destination IP Address** (ping to)
    - **Number of Retries** (pings before triggering Action)
    - **Interval (seconds)** (time between retries)
  2. On **Action**drop-down, select one (if the tunnel does not respond):
    - **Restart IPsec** (to resolve issues with key negotiation)
    - **Restart Tunnel** (to resolve issues with key negotiation)
    - **Failover** (fails over to another IPsec tunnel) (expands dialog). On **IPsec Tunnel** drop-down, select one.

![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678715726580.png)
11. (optional) In *Virtual Tunnel Interface* menu, select **Enable Virtual Tunnel![](https://cdn.document360.io/763c5fb1-b9af-4ccd-9ad6-cf28ae4cd5a3/Images/Documentation/image-1678716026107.png)**
  1. **Interface** checkbox (expands dialog), enter details:
  2. **Mark**
  3. **Address**
  4. **Interface**
  5. **Automatically create VTI routes** checkbox
  6. **Share VTI with other connections** checkbox
12. Click **Save**.

### Edit Tunnel

1. Go to *Network :: VPN drop-down :: IPsec :: Tunnel*.
2. In the *Name* column, click a name (displays dialog).
3. Make changes, as needed.
4. Click **Save**.

### Delete Tunnel

1. Go to *Network :: VPN drop-down :: IPsec :: Tunnel*.
2. In the table, select checkbox of tunnel to delete.
3. Click **Delete**.

### Start Tunnel

1. Go to *Network :: VPN drop-down :: IPsec :: Tunnel*.
2. In the table, select checkbox of tunnel to start.
3. Click **Start Tunnel**.

### Stop Tunnel

1. Go to *Network :: VPN drop-down :: IPsec :: Tunnel*.
2. In the table, select checkbox of tunnel to stop.
3. Click **Stop Tunnel**.