Vyatta NOS documentation


Configure WEST

This task defines the configuration required to create a virtual tunnel interface on WEST.

To configure this interface, perform the following steps on WEST in configuration mode.

Table 1. Creating a virtual tunnel interface on WEST
Step Command

Create the vti interface and assign it an IP address.

vyatta@WEST# set interfaces vti vti0 address 192.0.2.249/30

[edit]

Commit the configuration.

vyatta@WEST# commit

View the configuration.

vyatta@WEST# show interfaces vti

 vti0 {
     address 192.0.2.249/30
 }

This task defines configuration changes for a new site-to-site connection to EAST.

The main changes from the basic site-to-site configuration are that the tunnel specification and default-esp-group specification are removed, and that the VPN is bound to the virtual tunnel interface created above.

To configure this connection, perform the following steps on WEST in configuration mode.

Table 2. Binding the VPN connection to the virtual tunnel interface
Step Command

Navigate to the node for the peer for easier editing.

vyatta@WEST# edit security vpn ipsec site-to-site peer 192.0.2.33

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Delete the default-esp-group specification from the previous configuration.

vyatta@WEST# delete default-esp-group

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Delete the tunnel specification from the previous configuration.

vyatta@WEST# delete tunnel

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Bind the VPN tunnel to the vti0 interface.

vyatta@WEST# set vti bind vti0

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Specify the ESP group for the tunnel.

vyatta@WEST# set vti esp-group ESP-1W

[edit security vpn ipsec site-to-site peer 192.0.2.33]

Return to the top of the configuration tree.

vyatta@WEST# top

Commit the configuration.

vyatta@WEST# commit

View the configuration for the site-to-site connection.

vyatta@WEST# show security vpn ipsec site-to-site peer 192.0.2.33

    authentication {
        mode pre-shared-secret
        pre-shared-secret test_key_1
    }
    ike-group IKE-1W
    local-address 192.0.2.1
    vti {
        bind vti0
        esp-group ESP-1W
    }
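
The following script is an added example, not part of the Vyatta documentation or tooling. It parses the two show outputs above and checks what this task requires: the tunnel and default-esp-group nodes are gone, and the peer is bound to a vti interface that exists, has an address, and has an ESP group. The function names parse_config and audit_vti_peer are hypothetical, and the BAD sample is constructed.

```python
def parse_config(text):
    """Parse brace-delimited show output into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif line.endswith("{"):
            child = {}
            stack[-1][line[:-1].strip()] = child  # block name, e.g. "tunnel 1"
            stack.append(child)
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root

def audit_vti_peer(peer_text, vti_text):
    """Return findings; an empty list means the peer matches the steps above."""
    peer, interfaces = parse_config(peer_text), parse_config(vti_text)
    findings = [f"leftover '{node}' from the basic configuration" for node in peer
                if node.partition(" ")[0] in ("tunnel", "default-esp-group")]
    vti = peer.get("vti")
    if not isinstance(vti, dict):
        return findings + ["peer has no vti block"]
    bind = vti.get("bind")
    if not bind:
        findings.append("vti block has no bind")
    elif "address" not in interfaces.get(bind, {}):
        findings.append(f"bound interface {bind} is missing or has no address")
    if not vti.get("esp-group"):
        findings.append("vti block has no esp-group")
    return findings

# Added example inputs: VTI and GOOD are this page's outputs; BAD is constructed.
VTI = "vti0 {\n address 192.0.2.249/30\n}"
GOOD = ("authentication {\n mode pre-shared-secret\n pre-shared-secret test_key_1\n}\n"
        "ike-group IKE-1W\nlocal-address 192.0.2.1\n"
        "vti {\n bind vti0\n esp-group ESP-1W\n}")
BAD = ("default-esp-group ESP-1W\nike-group IKE-1W\n"
       "tunnel 1 {\n local {\n prefix 192.168.40.0/24\n }\n}\n"
       "vti {\n bind vti1\n}")

if __name__ == "__main__":
    print(audit_vti_peer(GOOD, VTI), *audit_vti_peer(BAD, VTI), sep="\n")
```

The GOOD sample returns no findings. The BAD sample returns four: two leftover nodes, a bind to an interface that is not defined, and a missing esp-group.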