Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Securing the mGRE tunnel on SPOKE2

To secure the mGRE tunnel with IPsec, perform the following steps on SPOKE2 in configuration mode.

Table 1. Securing the mGRE tunnel with IPsec

Step

Command

Create the profile node.

vyatta@SPOKE2# set security vpn ipsec profile DMVPN

Set the authentication mode.

vyatta@SPOKE2# set security vpn ipsec profile DMVPN authentication mode pre-shared-secret

Define the preshared secret key. It must match that set on remote systems.

vyatta@SPOKE2# set security vpn ipsec profile DMVPN authentication pre-shared-secret NET123

Bind the IPsec configuration to the tunnel.

vyatta@SPOKE2# set security vpn ipsec profile DMVPN bind tunnel tun0

Specify the ESP configuration to use.

vyatta@SPOKE2# set security vpn ipsec profile DMVPN esp-group ESP-1S

Specify the IKE configuration to use.

vyatta@SPOKE2# set security vpn ipsec profile DMVPN ike-group IKE-1S

Commit the configuration.

vyatta@SPOKE2# commit

View the configuration for the profile.

vyatta@SPOKE2# show vpn ipsec profile DMVPN

 authentication {
	   mode pre-shared-secret
	   pre-shared-secret NET123
 }
 bind {
	   tunnel tun0
 }
 esp-group ESP-1S
 ike-group IKE-1S