Configure WEST

The following example configuration is for the WEST system.

Step Command

Table 1. Basic site-to-site IPsec VPN connection over IPv6 - WEST
Step	Command
View the data plane interface configuration on WEST.	`vyatta@WEST# show interfaces dataplane dataplane dp0p1p2 { address 2001:db8:10::1/64 duplex auto hw-id 00:15:5d:00:d5:33 speed auto } dataplane dp0p1p3 { address 2001:db8:1::1/64 duplex auto hw-id 00:15:5d:00:d5:34 speed auto } } [edit]`
View the IPv6 IPsec configuration on WEST.	`vyatta@WEST# show security vpn vpn { ipsec { esp-group ESP-1W { lifetime 3600 mode tunnel pfs enable proposal 1 { encryption aes128 hash sha1 } } ike-group IKE-1W { lifetime 28800 proposal 1 { encryption aes128 hash sha1 } }`
View the IPv6 IPsec configuration on WEST.	`logging { log-modes all } nat-traversal disable site-to-site { peer 2001:db8:10::2 { authentication { mode pre-shared-secret pre-shared-secret test123 } connection-type initiate default-esp-group ESP-1W ike-group IKE-1W local-address 2001:db8:10::1 tunnel 1 { allow-nat-networks disable allow-public-networks disable local { prefix 2001:db8:1::/64 } remote { prefix 2001:db8:2::/64 } } } } } } [edit]`

View the data plane interface configuration on WEST.

vyatta@WEST# show interfaces dataplane

 dataplane dp0p1p2 {
    address 2001:db8:10::1/64
    duplex auto
    hw-id 00:15:5d:00:d5:33
    speed auto
 }
 dataplane dp0p1p3 {
    address 2001:db8:1::1/64
    duplex auto
    hw-id 00:15:5d:00:d5:34
    speed auto }
 }
[edit]

View the IPv6 IPsec configuration on WEST.

vyatta@WEST# show security vpn

 vpn {
    ipsec {
        esp-group ESP-1W {
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group IKE-1W {
            lifetime 28800
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }

View the IPv6 IPsec configuration on WEST.

        logging {
            log-modes all
        }
        nat-traversal disable
        site-to-site {
            peer 2001:db8:10::2 {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret test123
                }
                connection-type initiate
                default-esp-group ESP-1W
                ike-group IKE-1W
                local-address 2001:db8:10::1
                tunnel 1 {
                    allow-nat-networks disable
                    allow-public-networks disable
                    local {
                        prefix 2001:db8:1::/64
                    }
                    remote {
                        prefix 2001:db8:2::/64
                    }
                }
            } 
       } 
   }
 }
[edit]

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Configure WEST

Helpful Links

Key Resources