VPN Interface IPsec Feature Template
Configure a standard IPsec interface, the interface name, the admin status, the IKEv2 parameters, the IPsec parameters, the tunnel source interface, the tunnel destination, the IP maximum transmission unit (MTU), the Transmission Control Protocol maximum segment size (TCP MSS), and more.
Classes
edge_feature_templates (sdwan)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ipsec_interface_templates | List | [ipsec_interface_templates] | No |
ipsec_interface_templates (sdwan.edge_feature_templates)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[^<>!&" ]{1,128}$ | Yes | |
description | String | | Yes | |
device_types | List | Choice[ASR-1001-HX , ASR-1001-X , ASR-1002-HX , ASR-1002-X , ASR-1006-X , C1101-4P , C1101-4PLTEP , C1101-4PLTEPW , C1109-2PLTEGB , C1109-2PLTEUS , C1109-2PLTEVZ , C1109-4PLTE2P , C1109-4PLTE2PW , C1111-4P , C1111-4PLTEEA , C1111-4PLTELA , C1111-4PW , C1111-8P , C1111-8PLTEEA , C1111-8PLTEEAW , C1111-8PLTELA , C1111-8PLTELAW , C1111-8PW , C1111X-8P , C1112-8P , C1112-8PLTEEA , C1112-8PLTEEAWE , C1112-8PWE , C1113-8P , C1113-8PLTEEA , C1113-8PLTEEAW , C1113-8PLTELA , C1113-8PLTELAWZ , C1113-8PLTEW , C1113-8PM , C1113-8PMLTEEA , C1113-8PMWE , C1113-8PW , C1116-4P , C1116-4PLTEEA , C1116-4PLTEEAWE , C1116-4PWE , C1117-4P , C1117-4PLTEEA , C1117-4PLTEEAW , C1117-4PLTELA , C1117-4PLTELAWZ , C1117-4PM , C1117-4PMLTEEA , C1117-4PMLTEEAWE , C1117-4PMWE , C1117-4PW , C1118-8P , C1121-4P , C1121-4PLTEP , C1121-8P , C1121-8PLTEP , C1121-8PLTEPW , C1121X-8P , C1121X-8PLTEP , C1121X-8PLTEPW , C1126-8PLTEP , C1126X-8PLTEP , C1127-8PLTEP , C1127-8PMLTEP , C1127X-8PLTEP , C1127X-8PMLTEP , C1128-8PLTEP , C1131-8PLTEPW , C1131-8PW , C1131X-8PLTEPW , C1131X-8PW , C1161-8P , C1161-8PLTEP , C1161X-8P , C1161X-8PLTEP , C8000V , C8200-1N-4T , C8200L-1N-4T , C8300-1N1S-4T2X , C8300-1N1S-6T , C8300-2N2S-4T2X , C8300-2N2S-6T , C8500-12X , C8500-12X4QC , C8500-20X6C , C8500L-8S4X , IR-1101 , IR-1821 , IR-1831 , IR-1833 , IR-1835 , IR-8140H , IR-8140H-P , IR-8340 , ISR-4221 , ISR-4221X , ISR-4321 , ISR-4331 , ISR-4351 , ISR-4431 , ISR-4451-X , ISR-4461 , ISR1100-4G-XE , ISR1100-4GLTEGB-XE , ISR1100-4GLTENA-XE , ISR1100-6G-XE , ISR1100X-4G-XE , ISR1100X-6G-XE ] | No | |
application | Choice | none , sig | No | |
application_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
clear_dont_fragment | Boolean | true , false | No | |
clear_dont_fragment_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
dead_peer_detection_interval | Integer | min: 10 , max: 3600 | No | |
dead_peer_detection_interval_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
dead_peer_detection_retries | Integer | min: 2 , max: 60 | No | |
dead_peer_detection_retries_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
ike | Class | [ike] | No | |
interface_description | String | | No | |
interface_description_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
interface_name | String | Regex: ^(ipsec[0-9]{0,3}|gre[0-9]{0,3})$ | No | |
interface_name_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
ip_address | IP | | No | |
ip_address_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
ipsec | Class | [ipsec] | No | |
mtu | Integer | min: 576 , max: 9216 | No | |
mtu_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
shutdown | Boolean | true , false | No | |
shutdown_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
tcp_mss | Integer | min: 500 , max: 1460 | No | |
tcp_mss_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
tracker | String | | No | |
tracker_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
tunnel_destination | Any | IP or String | No | |
tunnel_destination_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
tunnel_source_interface | String | | No | |
tunnel_source_interface_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
tunnel_source_ip | IP | | No | |
tunnel_source_ip_variable | String | Regex: ^[^"~ $&+,]255$` | No |
ike (sdwan.edge_feature_templates.ipsec_interface_templates)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ciphersuite | Choice | aes256-cbc-sha1 , aes256-cbc-sha2 , aes128-cbc-sha1 , aes128-cbc-sha2 | No | |
ciphersuite_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
group | Choice | 2 , 14 , 15 , 16 , 19 , 20 , 21 , 24 | No | |
group_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
mode | Choice | main , aggressive | No | |
mode_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
pre_shared_key | String | max: 127 | No | |
pre_shared_key_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
pre_shared_key_local_id | String | max: 63 | No | |
pre_shared_key_local_id_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
pre_shared_key_remote_id | String | max: 63 | No | |
pre_shared_key_remote_id_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
rekey_interval | Integer | min: 60 , max: 86400 | No | |
rekey_interval_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
version | Integer | min: 1 , max: 2 | No |
ipsec (sdwan.edge_feature_templates.ipsec_interface_templates)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ciphersuite | Choice | aes256-cbc-sha1 , aes256-cbc-sha384 , aes256-cbc-sha256 , aes256-cbc-sha512 , aes256-gcm , null-sha1 , null-sha384 , null-sha256 , null-sha512 | No | |
ciphersuite_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
perfect_forward_secrecy | Choice | group-1 , group-2 , group-5 , group-14 , group-15 , group-16 , group-19 , group-20 , group-21 , group-24 , none | No | |
perfect_forward_secrecy_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
rekey_interval | Integer | min: 120 , max: 2592000 | No | |
rekey_interval_variable | String | Regex: ^[^"~ $&+,]255$` | No | |
replay_window | Integer | min: 64 , max: 4096 | No | |
replay_window_variable | String | Regex: ^[^"~ $&+,]255$` | No |
Examples
```yaml
sdwan:
  edge_feature_templates:
    ipsec_interface_templates:
      - name: FT-CEDGE-IPSEC101-V01
        description: "Manual IPSec Tunnel #1"
        dead_peer_detection_interval: 20
        interface_description: "Manual IPSec tunnel #1"
        interface_name: ipsec101
        ike:
          pre_shared_key_local_id: localid@acme.com
          pre_shared_key_variable: vpn0_ipsec101_pre_shared_key
          ciphersuite: aes256-cbc-sha1
          group: 14
          rekey_interval: 14400
          version: 2
        ipsec:
          ciphersuite: null-sha1
          rekey_interval: 28800
          perfect_forward_secrecy: none
        mtu: 1400
        shutdown: false
        tcp_mss: 1360
        tunnel_destination_variable: vpn0_ipsec101_tunnel_dest_ip
        tunnel_source_interface_variable: vpn0_ipsec101_source_wan_if
```
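A pre-deployment check for one `ipsec_interface_templates` entry, added here as an illustration and not part of the data model or of any Cisco tooling. It enforces the integer ranges from the tables above and flags crypto choices against a baseline that is this example's assumption (`WEAK_IKE_GROUPS`, `WEAK_PFS`); the names `flatten` and `audit` are hypothetical, and `EXAMPLE` is the example template above re-typed as a dict.

```python
# Added example: range checks from this page plus an assumed crypto baseline.
RANGES = {  # (min, max) as listed in the tables on this page
    "mtu": (576, 9216), "tcp_mss": (500, 1460),
    "dead_peer_detection_interval": (10, 3600),
    "dead_peer_detection_retries": (2, 60),
    "ike.rekey_interval": (60, 86400), "ike.version": (1, 2),
    "ipsec.rekey_interval": (120, 2592000), "ipsec.replay_window": (64, 4096),
}
WEAK_IKE_GROUPS = {2, 24}  # assumed baseline, not taken from the page
WEAK_PFS = {"none", "group-1", "group-2", "group-5", "group-24"}  # assumed

def flatten(tpl):  # nested ike/ipsec classes become dotted keys (ike.group)
    flat = {k: v for k, v in tpl.items() if not isinstance(v, dict)}
    for section in ("ike", "ipsec"):
        for k, v in tpl.get(section, {}).items():
            flat[f"{section}.{k}"] = v
    return flat

def audit(tpl):
    """Return a list of findings; an empty list means nothing was flagged."""
    flat, findings = flatten(tpl), []
    for key, (lo, hi) in RANGES.items():
        v = flat.get(key)
        if isinstance(v, int) and not lo <= v <= hi:
            findings.append(f"{key}={v} outside {lo}..{hi}")
    for section in ("ike", "ipsec"):
        suite = flat.get(f"{section}.ciphersuite", "")
        if suite.startswith("null-"):
            findings.append(f"{section}.ciphersuite={suite}: no encryption")
        if suite.endswith("-sha1"):
            findings.append(f"{section}.ciphersuite={suite}: SHA-1 integrity")
    if flat.get("ike.group") in WEAK_IKE_GROUPS:
        findings.append(f"ike.group={flat['ike.group']}: weak DH group")
    pfs = flat.get("ipsec.perfect_forward_secrecy")
    if pfs in WEAK_PFS:
        findings.append(f"ipsec.perfect_forward_secrecy={pfs}: weak or disabled")
    if flat.get("ike.version") == 1 and flat.get("ike.mode") == "aggressive":
        findings.append("ike.mode=aggressive with IKEv1")
    if "ike.pre_shared_key" in flat:
        findings.append("ike.pre_shared_key is inline; prefer pre_shared_key_variable")
    return findings

# The page's example template, re-typed as a dict (only the audited keys).
EXAMPLE = {
    "name": "FT-CEDGE-IPSEC101-V01", "dead_peer_detection_interval": 20,
    "mtu": 1400, "tcp_mss": 1360,
    "ike": {"ciphersuite": "aes256-cbc-sha1", "group": 14,
            "rekey_interval": 14400, "version": 2},
    "ipsec": {"ciphersuite": "null-sha1", "rekey_interval": 28800,
              "perfect_forward_secrecy": "none"},
}
```

Run against `EXAMPLE`, `audit` reports the `null-sha1` IPsec ciphersuite, the SHA-1 suites and the disabled perfect forward secrecy, while every integer value is within range.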