Configure WEST
This task defines configuration changes for a new site-to-site connection to EAST.
- The main change is the IP address specification of the peer. This is set to the hostname for EAST: “east.company.com”. This is the hostname that is configured on EAST with the dynamic DNS provider. Because the IP address for EAST can be resolved, WEST can either initiate IPsec connections to, or receive IPsec connections from, EAST.
- The other important change is to configure auto-update so that if EAST's IP address changes, the IPsec connection to EAST will be restarted automatically.
To configure this connection, perform the following steps on WEST in configuration mode.
Step | Command |
---|---|
Delete the previous configuration. | |
Create the node for EAST and set the authentication mode. | |
Navigate to the node for the peer for easier editing. | |
Provide the string that will be used to generate encryption keys. | |
Specify the default ESP group for all tunnels. | |
Specify the IKE group. | |
Identify the IP address on this Vyatta router to be used for this connection. | |
Create a tunnel configuration, and provide the local subnet for this tunnel. | |
Provide the remote subnet for the tunnel. | |
Return to the top of the configuration tree. | |
Commit the configuration. | |
View the configuration for the site-to-site connection. | |
View data plane interface dp0p1p2 address configuration. local-address is set to this address. | |
Specify that the IPsec connection should be refreshed every 60 seconds - in case the peer's IP address changes. If this happens, the new IP address will be resolved via the dynamic DNS service provider. | |
Commit the configuration. | |
View the configuration. | |
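
The auto-update behaviour described in the steps above, sketched as an added Python example (not Vyatta's implementation and not part of the original page): each refresh cycle re-resolves the peer hostname and signals a restart only when the resolved address has changed. `PeerWatcher`, `simulate` and the sample addresses are hypothetical and constructed; keeping the existing tunnel when a lookup fails is an assumption of this sketch.

```python
import ipaddress
import socket
from typing import Callable, List, Optional

Resolver = Callable[[str], List[str]]

def system_resolver(hostname: str) -> List[str]:
    """Resolve hostname to a sorted list of unique addresses via the OS resolver."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_UDP)
    return sorted({info[4][0] for info in infos})

class PeerWatcher:
    """Tracks the address of a hostname-defined IPsec peer across refresh cycles."""

    def __init__(self, hostname: str, resolver: Resolver = system_resolver):
        self.hostname = hostname
        self.resolver = resolver
        self.current: Optional[str] = None  # address the tunnel is bound to now

    def check(self) -> str:
        """Run one refresh cycle; return 'init', 'unchanged', 'restart' or 'keep'."""
        try:
            answers = [str(ipaddress.ip_address(a)) for a in self.resolver(self.hostname)]
        except (OSError, ValueError):
            return "keep"       # failed lookup or malformed answer: leave tunnel alone
        if not answers:
            return "keep"       # empty answer set is treated like a failed lookup
        if self.current in answers:
            return "unchanged"  # peer is still published at the address in use
        previous, self.current = self.current, answers[0]
        return "init" if previous is None else "restart"

def simulate(hostname: str, answers_per_cycle: list) -> List[str]:
    """Feed one constructed DNS answer set per cycle; return the decisions taken."""
    feed = iter(answers_per_cycle)
    def fake_resolver(_name: str) -> List[str]:
        answer = next(feed)
        if answer is None:      # None models a resolution failure
            raise OSError("resolution failed")
        return answer
    watcher = PeerWatcher(hostname, fake_resolver)
    return [watcher.check() for _ in answers_per_cycle]

if __name__ == "__main__":
    # Constructed answers (documentation-range addresses), one per 60-second cycle.
    cycles = [["192.0.2.10"], ["192.0.2.10"], None, ["198.51.100.7"], ["not-an-ip"]]
    print(simulate("east.company.com", cycles))
```

Because the peer address is taken from DNS on every cycle, the pre-shared secret and IKE negotiation remain the only things that authenticate EAST; a changed DNS answer moves where WEST connects, not whom it trusts.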