home

Supported platforms

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Configure EAST

This task defines configuration required to create a virtual tunnel interface on EAST.

To configure this interface, perform the following steps on EAST in configuration mode.

Table 1. Creating a virtual tunnel interface on EAST
Step Command
Create the vti interface and assign it an IP address.
vyatta@EAST# set interfaces vti vti0 address 192.0.2.250/30

[edit]
Commit the configuration.
vyatta@EAST# commit
View the configuration.
vyatta@EAST# show interfaces vti

 vti0 {
address 192.0.2.250/30
 }

This task defines configuration changes for a new site-to-site connection to WEST.

  • The main changes from the basic site-to-site configuration are that the tunnel specification and default-esp-group specification are removed, and that the VPN is bound to the virtual tunnel interface created above.

To configure this connection, perform the following steps on EAST in configuration mode.

Table 2. Binding the VPN connection to the virtual tunnel interface
Step Command

Navigate to the node for the peer for easier editing.

vyatta@EAST# edit security vpn ipsec site-to-site peer 192.0.2.1

[edit security vpn ipsec site-to-site peer 192.0.2.
1]
Delete the default-esp-group specification from the previous configuration.
vyatta@EAST# delete default-esp-group

[edit security vpn ipsec site-to-site peer 192.0.2.
1]
Delete the tunnel specification from the previous configuration.
vyatta@EAST# delete tunnel

[edit security vpn ipsec site-to-site peer 192.0.2.
1]
Bind the VPN tunnel to the vti0 interface.
vyatta@EAST# set vti bind vti0

[edit security vpn ipsec site-to-site peer 192.0.2.
1]
Specify the ESP group for the tunnel.
vyatta@EAST# set vti esp-group ESP-1E

[edit security vpn ipsec site-to-site peer 192.0.2.
1]
Return to the top of the configuration tree.
vyatta@EAST# top
Commit the configuration.
vyatta@EAST# commit
View the configuration for the site-to-site connection.
vyatta@EAST# show security vpn ipsec site-to-site peer 192.0.2.1

    authentication {
        mode pre-shared-secret
        pre-shared-secret test_key_1
    }
    ike-group IKE-1E
    local-address 192.0.2.33
    vti {
        bind vti0
        esp-group ESP-1E
    }