Defining the IPsec tunnel on EAST
This task creates the IPsec tunnel from EAST to WEST.
- EAST uses IP address 192.0.2.33 on dp0p1p1.
- WEST uses IP address 192.0.2.1 on dp0p1p2.
- The IKE group is IKE-1E.
- The preshared secret is “test_key_1”.
- All GRE traffic will be passed through the tunnel.
This examples assumes that you have already configured the following:
- IKE group IKE-1E (see Configure an IKE group on EAST)
- ESP group ESP-1E (see Configure an ESP group on EAST)
To create the IPsec tunnel from EAST to WEST, perform the following steps on EAST in configuration mode.
Define the site-to-site connection to WEST. Set the authentication mode.
Navigate to the node for the peer for easier editing.
Provide the string that will be used to authenticate the peers.
Specify the default ESP group for all tunnels.
Specify the IKE group.
Identify the IP address on this vRouter to be used for this connection.
Specify that only GRE traffic will pass through the tunnel.
Return to the top of the configuration hierarchy.
Commit the configuration.
View the modified configuration.
View data plane interface dp0p1p1 address configuration. local-address is set to this address.