home

Supported platforms

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

thumbnailSupported platforms

Example of VFP configuration to handle overlapping IP addresses

Verify the configuration

An example of how to verify the site-to-site VPN with VFP configuration.

Complete these steps to confirm that the configuration is working properly.
  1. Show IKE sessions.
    VYATTA@CORPA:~$ SHOW VPN IKE SA
    PEER ID / IP				LOCAL ID / IP
------------					-------------
128.0.0.13					128.0.0.11

	STATE	ENCRYPT		HASH	D-H GRP	A-TIME	L-TIME	IKEV
	-----	------------	-----	-------	------	------	----
	UP	AES256		SHA1	5	0	3000	1
  2. Show established ESP connections (1).
    vyatta@CORPA:~$ show vpn ipsec sa
    Peer ID / IP				Local ID / IP
------------					-------------
128.0.0.13					128.0.0.11
Tunnel	Id	State	Bytes Out/In	Encrypt	Hash	DH	A-Time	L-Time
------ 	--	-----	------------	-------	----	--	------	------
1	3	up	0.0/0.0		aes256	sha1	5	451	1500
  3. Show established ESP connections (2).
    vyatta@CORPA:~$ show vpn ipsec sa detail peer 128.0.0.13
    ------------------------------------------------------------------
Peer IP:		128.0.0.13
Peer ID:		128.0.0.13
Local IP:		128.0.0.11
Local ID:		128.0.0.11
NAT Traversal:		no
NAT Source Port:	n/a
NAT Dest Port:		n/a

	Tunnel 1:
		State:			up
		Id:			5
		Inbound SPI:		cee5e0bb
		Outbound SPI:		ca01d0b1
		Encryption:		aes256
		Hash:			sha1
		DH Group:		5

		Local Net:		10.0.3.0/24
		Local Protocol:		all
		Local Port:		all

		Remote Net:		10.0.1.0/24
		Remote Protocol:	all
		Remote Port:		all

		Inbound Bytes:		252.0
		Outbound Bytes:		252.0

		Inbound Blocked:	no
		Outbound Blocked:	no

		Active Time (s):	318
		Lifetime (s):		1500
  4. Show SNAT rules.
    vyatta@CORPA:~$ show nat source
    ------------------------
NAT Rulesets Information
--------------------------
SOURCE
rule	intf	match			translation
----	----	-----			-----------
10	vfp1	from 10.0.2.0/24	dynamic any -> 10.0.3.1-10.0.3.254
  5. Show seen SNAT translations.
    vyatta@CORPA:~$ show nat source translations
    Pre-NAT		Post-NAT	Prot	Timeout
10.0.2.1:4323	10.0.3.1:4323	icmp	57
  6. Show NAT sessions.
    vyatta@CORPA:~$ show session table
    TCP state codes: SS - SYN SENT, SR - SYN RECEIVED, ES - ESTABLISHED, FW - FIN WAIT, CW - CLOSE WAIT, CG - CLOSING, LA - LAST ACK, TW - TIME WAIT, CL - CLOSED

CONN ID	Source		Destination	Protocol	TIMEOUT	Intf	Parent
1	10.0.2.1:4323	10.0.1.1:4323	icmp [1] ES	15	vfp1	0
  7. Optional: View IPsec logs.
    • Display the entire IPsec log.
      show log vpn ipsec
    • Display the tail end of the log.
      mnonitor vpn ipsec

Last updated: December 22, 2021