VPN Feature Template
The example below show the configuations of VPN template for transport and service
Diagram
Classes
edge_feature_templates (sdwan)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vpn_templates | List | [vpn_templates] | No |
vpn_templates (sdwan.edge_feature_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^<>!&" ]{1,128}$ | Yes | |
| description | String | Yes | ||
| device_types | List | Choice[ASR-1001-HX, ASR-1001-X, ASR-1002-HX, ASR-1002-X, ASR-1006-X, C1101-4P, C1101-4PLTEP, C1101-4PLTEPW, C1109-2PLTEGB, C1109-2PLTEUS, C1109-2PLTEVZ, C1109-4PLTE2P, C1109-4PLTE2PW, C1111-4P, C1111-4PLTEEA, C1111-4PLTELA, C1111-4PW, C1111-8P, C1111-8PLTEEA, C1111-8PLTEEAW, C1111-8PLTELA, C1111-8PLTELAW, C1111-8PW, C1111X-8P, C1112-8P, C1112-8PLTEEA, C1112-8PLTEEAWE, C1112-8PWE, C1113-8P, C1113-8PLTEEA, C1113-8PLTEEAW, C1113-8PLTELA, C1113-8PLTELAWZ, C1113-8PLTEW, C1113-8PM, C1113-8PMLTEEA, C1113-8PMWE, C1113-8PW, C1116-4P, C1116-4PLTEEA, C1116-4PLTEEAWE, C1116-4PWE, C1117-4P, C1117-4PLTEEA, C1117-4PLTEEAW, C1117-4PLTELA, C1117-4PLTELAWZ, C1117-4PM, C1117-4PMLTEEA, C1117-4PMLTEEAWE, C1117-4PMWE, C1117-4PW, C1118-8P, C1121-4P, C1121-4PLTEP, C1121-8P, C1121-8PLTEP, C1121-8PLTEPW, C1121X-8P, C1121X-8PLTEP, C1121X-8PLTEPW, C1126-8PLTEP, C1126X-8PLTEP, C1127-8PLTEP, C1127-8PMLTEP, C1127X-8PLTEP, C1127X-8PMLTEP, C1128-8PLTEP, C1131-8PLTEPW, C1131-8PW, C1131X-8PLTEPW, C1131X-8PW, C1161-8P, C1161-8PLTEP, C1161X-8P, C1161X-8PLTEP, C8000V, C8200-1N-4T, C8200L-1N-4T, C8300-1N1S-4T2X, C8300-1N1S-6T, C8300-2N2S-4T2X, C8300-2N2S-6T, C8500-12X, C8500-12X4QC, C8500-20X6C, C8500L-8S4X, IR-1101, IR-1821, IR-1831, IR-1833, IR-1835, IR-8140H, IR-8140H-P, IR-8340, ISR-4221, ISR-4221X, ISR-4321, ISR-4331, ISR-4351, ISR-4431, ISR-4451-X, ISR-4461, ISR1100-4G-XE, ISR1100-4GLTEGB-XE, ISR1100-4GLTENA-XE, ISR1100-6G-XE, ISR1100X-4G-XE, ISR1100X-6G-XE] | No | |
| enhance_ecmp_keying | Boolean | true, false | No | |
| enhance_ecmp_keying_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ipv4_dns_hosts | List | [ipv4_dns_hosts] | No | |
| ipv4_primary_dns_server | IP | No | ||
| ipv4_primary_dns_server_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ipv4_secondary_dns_server | IP | No | ||
| ipv4_secondary_dns_server_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ipv4_static_gre_routes | List | [ipv4_static_gre_routes] | No | |
| ipv4_static_ipsec_routes | List | [ipv4_static_ipsec_routes] | No | |
| ipv4_static_routes | List | [ipv4_static_routes] | No | |
| ipv4_static_service_routes | List | [ipv4_static_service_routes] | No | |
| ipv6_dns_hosts | List | [ipv6_dns_hosts] | No | |
| ipv6_primary_dns_server | IP | No | ||
| ipv6_primary_dns_server_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ipv6_secondary_dns_server | IP | No | ||
| ipv6_secondary_dns_server_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ipv6_static_routes | List | [ipv6_static_routes] | No | |
| nat_pools | List | [nat_pools] | No | |
| nat64_pools | List | [nat64_pools] | No | |
| omp_admin_distance_ipv4 | Integer | min: 1, max: 255 | No | |
| omp_admin_distance_ipv4_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| omp_admin_distance_ipv6 | Integer | min: 1, max: 255 | No | |
| omp_admin_distance_ipv6_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| omp_advertise_ipv4_routes | List | [omp_advertise_ipv4_routes] | No | |
| omp_advertise_ipv6_routes | List | [omp_advertise_ipv6_routes] | No | |
| port_forwarding_rules | List | [port_forwarding_rules] | No | |
| route_global_exports | List | [route_global_exports] | No | |
| route_global_imports | List | [route_global_imports] | No | |
| route_vpn_imports | List | [route_vpn_imports] | No | |
| services | List | [services] | No | |
| static_nat_rules | List | [static_nat_rules] | No | |
| static_nat_subnet_rules | List | [static_nat_subnet_rules] | No | |
| vpn_id | Integer | min: 0, max: 65527 | Yes | |
| vpn_name | String | min: 1, max: 32 | No | |
| vpn_name_variable | String | Regex: ^[^"~$&+,]255$` | No |
ipv4_dns_hosts (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hostname | String | min: 1, max: 128, matches: `^(([a-zA-Z0-9] | [a-zA-Z0-9][a-zA-Z0-9- | _][a-zA-Z0-9]).)([A-Za-z0-9] |
| hostname_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ips | List | IP | No | |
| ips_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No |
ipv4_static_gre_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| interfaces | List | String[Regex: ^gre[0-9]{1,3}$] | No | |
| interfaces_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No |
ipv4_static_ipsec_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| interfaces | List | String[Regex: ^ipsec[0-9]{1,3}$] | No | |
| interfaces_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No |
ipv4_static_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| next_hop_dhcp | Boolean | true, false | No | |
| next_hop_null0 | Boolean | true, false | No | |
| next_hop_null0_distance | Integer | min: 1, max: 255 | No | |
| next_hop_null0_distance_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| next_hop_dia | Boolean | true, false | No | |
| next_hops | List | [next_hops] | No | |
| optional | Boolean | true, false | No | |
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| track_next_hops | List | [track_next_hops] | No |
ipv4_static_service_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| service | Choice | sig | No |
ipv6_dns_hosts (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| hostname | String | min: 1, max: 128, matches: `^(([a-zA-Z0-9] | [a-zA-Z0-9][a-zA-Z0-9- | _][a-zA-Z0-9]).)([A-Za-z0-9] |
| hostname_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| ips | List | IP | No | |
| ips_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No |
ipv6_static_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nat | Choice | NAT64, NAT66 | No | |
| nat_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| next_hop_null0 | Boolean | true, false | No | |
| next_hop_dia | Boolean | true, false | No | |
| next_hops | List | [next_hops] | No | |
| optional | Boolean | true, false | No | |
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No |
nat_pools (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| direction | Choice | inside, outside | No | |
| direction_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| id | Integer | min: 1, max: 31 | No | |
| id_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| overload | Boolean | true, false | No | |
| overload_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| prefix_length | Integer | min: 1, max: 31 | No | |
| prefix_length_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| range_start | IP | No | ||
| range_start_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| range_end | IP | No | ||
| range_end_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| tracker_id | Integer | min: 1, max: 1000 | No | |
| tracker_id_variable | String | Regex: ^[^"~$&+,]255$` | No |
nat64_pools (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | min: 1, max: 32 | Yes | |
| overload | Boolean | true, false | No | |
| overload_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| range_start | IP | No | ||
| range_start_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| range_end | IP | No | ||
| range_end_variable | String | Regex: ^[^"~$&+,]255$` | No |
omp_advertise_ipv4_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| networks | List | [networks] | No | |
| protocol | Choice | bgp, ospf, ospfv3, connected, static, network, aggregate, eigrp, lisp, isis | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | min: 1, max: 127 | No | |
| route_policy_variable | String | Regex: ^[^"~$&+,]255$` | No |
omp_advertise_ipv6_routes (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| networks | List | [networks] | No | |
| protocol | Choice | bgp, ospf, connected, static, network, aggregate | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | min: 1, max: 127 | No | |
| route_policy_variable | String | Regex: ^[^"~$&+,]255$` | No |
port_forwarding_rules (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| nat_pool_id | Integer | min: 1, max: 31 | No | |
| nat_pool_id_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| protocol | Choice | tcp, udp | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| source_ip | IP | No | ||
| source_ip_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| source_port | Integer | min: 1, max: 65535 | No | |
| source_port_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| translate_ip | IP | No | ||
| translate_ip_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| translate_port | Integer | min: 1, max: 65535 | No | |
| translate_port_variable | String | Regex: ^[^"~$&+,]255$` | No |
route_global_exports (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | static, connected, bgp, ospf | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | No | ||
| redistributes | List | [redistributes] | No |
route_global_imports (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | static, connected, bgp, eigrp, ospf | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | No | ||
| redistributes | List | [redistributes] | No |
route_vpn_imports (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | static, connected, bgp, eigrp, ospf | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | No | ||
| route_policy_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| source_vpn_id | Integer | min: 1, max: 65530 | No | |
| source_vpn_id_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| redistributes | List | [redistributes] | No |
services (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| addresses | List | IP | No | |
| addresses_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| service_type | Choice | FW, IDS, IDP, netsvc1, netsvc2, netsvc3, netsvc4, TE, appqoe | No | |
| track_enable | Boolean | true, false | No | |
| track_enable_variable | String | Regex: ^[^"~$&+,]255$` | No |
static_nat_rules (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| direction | Choice | inside, outside | No | |
| direction_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| nat_pool_id | Integer | min: 1, max: 31 | No | |
| nat_pool_id_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No | |
| source_ip | IP | No | ||
| source_ip_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| tracker_id | Integer | min: 1, max: 1000 | No | |
| tracker_id_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| translate_ip | IP | No | ||
| translate_ip_variable | String | Regex: ^[^"~$&+,]255$` | No |
static_nat_subnet_rules (sdwan.edge_feature_templates.vpn_templates)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| direction | Choice | inside, outside | No | |
| direction_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No | |
| prefix_length | Integer | min: 1, max: 32 | No | |
| prefix_length_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| source_ip_subnet | IP | No | ||
| source_ip_subnet_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| tracker_id | Integer | min: 1, max: 1000 | No | |
| tracker_id_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| translate_ip_subnet | IP | No | ||
| translate_ip_subnet_variable | String | Regex: ^[^"~$&+,]255$` | No |
next_hops (sdwan.edge_feature_templates.vpn_templates.ipv4_static_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| address | IP | No | ||
| address_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| distance | Integer | min: 1, max: 255 | No | |
| distance_variable | String | Regex: ^[^"~$&+,]255$` | No |
track_next_hops (sdwan.edge_feature_templates.vpn_templates.ipv4_static_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| address | IP | No | ||
| address_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| distance | Integer | min: 1, max: 255 | No | |
| distance_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| tracker | String | min: 1, max: 128 | No | |
| tracker_variable | String | Regex: ^[^"~$&+,]255$` | No |
next_hops (sdwan.edge_feature_templates.vpn_templates.ipv6_static_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| address | IP | No | ||
| address_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| distance | Integer | min: 1, max: 255 | No | |
| distance_variable | String | Regex: ^[^"~$&+,]255$` | No |
networks (sdwan.edge_feature_templates.vpn_templates.omp_advertise_ipv4_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aggregate_only | Boolean | true, false | No | |
| aggregate_only_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No |
networks (sdwan.edge_feature_templates.vpn_templates.omp_advertise_ipv6_routes)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aggregate_only | Boolean | true, false | No | |
| aggregate_only_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| prefix | IP | No | ||
| prefix_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| optional | Boolean | true, false | No |
redistributes (sdwan.edge_feature_templates.vpn_templates.route_global_exports)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | bgp, eigrp, ospf | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | No |
redistributes (sdwan.edge_feature_templates.vpn_templates.route_global_imports)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | bgp, ospf | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | No |
redistributes (sdwan.edge_feature_templates.vpn_templates.route_vpn_imports)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| protocol | Choice | bgp, eigrp, ospf | No | |
| protocol_variable | String | Regex: ^[^"~$&+,]255$` | No | |
| route_policy | String | No | ||
| route_policy_variable | String | Regex: ^[^"~$&+,]255$` | No |
Examples
Example-1 : In the below example , VPN template for transport VPN is configured. vpn_id should always be set 0 since its this template is applicable to transport side and variables are configured for two dns servers. There is a host-mapping for vbond which has been configured globally. Static route is configured along with variables for nexthops.
sdwan: edge_feature_templates: vpn_templates: - name: TRANSPORT_VPN description: Transport VPN Template ipv4_primary_dns_server_variable: vpn0_dns_primary ipv4_secondary_dns_server_variable: vpn0_dns_secondary vpn_name: TRANSPORT_VPN vpn_id: 0 ipv4_dns_hosts: - hostname: vbond.cisco.com ips: - 1.1.1.1 - 2.2.2.2 ipv4_static_routes: - prefix: 0.0.0.0/0 optional: false next_hops: - address_variable: vpn0_ipv4_route1_nexthop1_ip distance_variable: vpn0_ipv4_route1_nexthop1_distance - address_variable: vpn0_ipv4_route1_nexthop2_ip distance_variable: vpn0_ipv4_route1_nexthop2_distanceExample-2 : In the below example , VPN template for Service VPN is configured. vpn_id is set to 10 and variables are configured for two dns servers within service vpn. OMP routes are advertised to BGP as part of below configuration.
sdwan: edge_feature_templates: vpn_templates: - name: SERVICE_VPN10 description: Service VPN10 Template ipv4_primary_dns_server_variable: vpn0_dns_primary ipv4_secondary_dns_server_variable: vpn0_dns_secondary vpn_name: SERVICE_VPN10 vpn_id: 10 omp_advertise_ipv4_routes: - protocol: bgp