Defining the IPsec tunnel on EAST
This task creates the IPsec tunnel from EAST to WEST.
- EAST uses IP address 192.0.2.33 on dp0p1p1.
- WEST uses IP address 192.0.2.1 on dp0p1p2.
- The IKE group is IKE-1E.
- The preshared secret is “test_key_1”.
- All GRE traffic will be passed through the tunnel.
This examples assumes that you have already configured the following:
- IKE group IKE-1E (see Configure an IKE group on EAST)
- ESP group ESP-1E (see Configure an ESP group on EAST)
To create the IPsec tunnel from EAST to WEST, perform the following steps on EAST in configuration mode.
Step | Command |
---|---|
Define the site-to-site connection to WEST. Set the authentication mode. |
|
Navigate to the node for the peer for easier editing. |
|
Provide the string that will be used to authenticate the peers. |
|
Specify the default ESP group for all tunnels. |
|
Specify the IKE group. |
|
Identify the IP address on this vRouter to be used for this connection. |
|
Specify that only GRE traffic will pass through the tunnel. |
|
Return to the top of the configuration hierarchy. |
|
Commit the configuration. |
|
View the modified configuration. |
|
View data plane interface dp0p1p1 address configuration. local-address is set to this address. |
|