Basic site-to-site connection
This section presents a sample configuration for a basic IPsec tunnel between WEST and EAST vRouter on an IPv4 network. First WEST is configured, and then EAST. When you have finished, these peers will be configured as shown in the following section.
Before you begin:
- In this set of examples, we assume that you have two vRouter , with host names configured WEST and EAST. (The example systems are configured with the host name in upper case.)
- Any data plane interface used for IPsec VPN must already be configured. In this example, you need dp0p1p2 on WEST and dp0p1p1 on EAST, plus internal subnet information.
- The interface must be configured with the IP address you want to use as the source IP for packets sent to the peer VPN gateway. In this example, IP address 192.0.2.1 is defined on dp0p1p2 of WEST, and 192.0.2.33 is defined on dp0p1p1 of EAST. In examples where the interface is configured as a DHCP client, the interface address is set to dhcp.
Note: The sending and receiving of ICMP redirects is disabled when IPsec VPN is configured.
Note: In the vRouter, a data plane interface is an abstraction that represents the underlying physical or virtual Ethernet interface of the system.The terms Ethernet interface and data plane interface are synonymous in this guide.