How do you designate the “enforcement point gateway” for the peers involved in “VPN
Directional Enforcement”?
A.
From the WebUI’s of the peers add a static route to the “designated enforcement point”.
B.
In the file $FWDIR/conf/user.def on each peer with a route entry to the enforcement point
gateway.
C.
Designate this gateway in the VPN community properties.
D.
Editing file $FWDIR/conf/vpn_route.conf on each peer with a route entry to the
enforcement point gateway.
Explanation:
From the R77 VPN Admin guide (p.113): VPN Directional Enforcement can take place between two VPN communities. In this case, one gateway must be configured as a member of both communities and the enforcement point between them. Every other peer gateway in both communities must have a route entry to the enforcement point gateway in its vpn_route.conf file.