Skip to content

VPN Feature Template

The example below show the configuations of VPN template for transport and service

Diagram

Diagram

Classes

edge_feature_templates (sdwan)

NameTypeConstraintMandatoryDefault Value
vpn_templatesList[vpn_templates]No

vpn_templates (sdwan.edge_feature_templates)

NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[^<>!&" ]{1,128}$Yes
descriptionStringYes
device_typesListChoice[ASR-1001-HX, ASR-1001-X, ASR-1002-HX, ASR-1002-X, ASR-1006-X, C1101-4P, C1101-4PLTEP, C1101-4PLTEPW, C1109-2PLTEGB, C1109-2PLTEUS, C1109-2PLTEVZ, C1109-4PLTE2P, C1109-4PLTE2PW, C1111-4P, C1111-4PLTEEA, C1111-4PLTELA, C1111-4PW, C1111-8P, C1111-8PLTEEA, C1111-8PLTEEAW, C1111-8PLTELA, C1111-8PLTELAW, C1111-8PW, C1111X-8P, C1112-8P, C1112-8PLTEEA, C1112-8PLTEEAWE, C1112-8PWE, C1113-8P, C1113-8PLTEEA, C1113-8PLTEEAW, C1113-8PLTELA, C1113-8PLTELAWZ, C1113-8PLTEW, C1113-8PM, C1113-8PMLTEEA, C1113-8PMWE, C1113-8PW, C1116-4P, C1116-4PLTEEA, C1116-4PLTEEAWE, C1116-4PWE, C1117-4P, C1117-4PLTEEA, C1117-4PLTEEAW, C1117-4PLTELA, C1117-4PLTELAWZ, C1117-4PM, C1117-4PMLTEEA, C1117-4PMLTEEAWE, C1117-4PMWE, C1117-4PW, C1118-8P, C1121-4P, C1121-4PLTEP, C1121-8P, C1121-8PLTEP, C1121-8PLTEPW, C1121X-8P, C1121X-8PLTEP, C1121X-8PLTEPW, C1126-8PLTEP, C1126X-8PLTEP, C1127-8PLTEP, C1127-8PMLTEP, C1127X-8PLTEP, C1127X-8PMLTEP, C1128-8PLTEP, C1131-8PLTEPW, C1131-8PW, C1131X-8PLTEPW, C1131X-8PW, C1161-8P, C1161-8PLTEP, C1161X-8P, C1161X-8PLTEP, C8000V, C8200-1N-4T, C8200L-1N-4T, C8300-1N1S-4T2X, C8300-1N1S-6T, C8300-2N2S-4T2X, C8300-2N2S-6T, C8500-12X, C8500-12X4QC, C8500-20X6C, C8500L-8S4X, IR-1101, IR-1821, IR-1831, IR-1833, IR-1835, IR-8140H, IR-8140H-P, IR-8340, ISR-4221, ISR-4221X, ISR-4321, ISR-4331, ISR-4351, ISR-4431, ISR-4451-X, ISR-4461, ISR1100-4G-XE, ISR1100-4GLTEGB-XE, ISR1100-4GLTENA-XE, ISR1100-6G-XE, ISR1100X-4G-XE, ISR1100X-6G-XE]No
enhance_ecmp_keyingBooleantrue, falseNo
enhance_ecmp_keying_variableStringRegex: ^[^"~$&+,]255$`No
ipv4_dns_hostsList[ipv4_dns_hosts]No
ipv4_primary_dns_serverIPNo
ipv4_primary_dns_server_variableStringRegex: ^[^"~$&+,]255$`No
ipv4_secondary_dns_serverIPNo
ipv4_secondary_dns_server_variableStringRegex: ^[^"~$&+,]255$`No
ipv4_static_gre_routesList[ipv4_static_gre_routes]No
ipv4_static_ipsec_routesList[ipv4_static_ipsec_routes]No
ipv4_static_routesList[ipv4_static_routes]No
ipv4_static_service_routesList[ipv4_static_service_routes]No
ipv6_dns_hostsList[ipv6_dns_hosts]No
ipv6_primary_dns_serverIPNo
ipv6_primary_dns_server_variableStringRegex: ^[^"~$&+,]255$`No
ipv6_secondary_dns_serverIPNo
ipv6_secondary_dns_server_variableStringRegex: ^[^"~$&+,]255$`No
ipv6_static_routesList[ipv6_static_routes]No
nat_poolsList[nat_pools]No
nat64_poolsList[nat64_pools]No
omp_admin_distance_ipv4Integermin: 1, max: 255No
omp_admin_distance_ipv4_variableStringRegex: ^[^"~$&+,]255$`No
omp_admin_distance_ipv6Integermin: 1, max: 255No
omp_admin_distance_ipv6_variableStringRegex: ^[^"~$&+,]255$`No
omp_advertise_ipv4_routesList[omp_advertise_ipv4_routes]No
omp_advertise_ipv6_routesList[omp_advertise_ipv6_routes]No
port_forwarding_rulesList[port_forwarding_rules]No
route_global_exportsList[route_global_exports]No
route_global_importsList[route_global_imports]No
route_vpn_importsList[route_vpn_imports]No
servicesList[services]No
static_nat_rulesList[static_nat_rules]No
static_nat_subnet_rulesList[static_nat_subnet_rules]No
vpn_idIntegermin: 0, max: 65527Yes
vpn_nameStringmin: 1, max: 32No
vpn_name_variableStringRegex: ^[^"~$&+,]255$`No

ipv4_dns_hosts (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
hostnameStringmin: 1, max: 128, matches: `^(([a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9-_][a-zA-Z0-9]).)([A-Za-z0-9]
hostname_variableStringRegex: ^[^"~$&+,]255$`No
ipsListIPNo
ips_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo

ipv4_static_gre_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
interfacesListString[Regex: ^gre[0-9]{1,3}$]No
interfaces_variableStringRegex: ^[^"~$&+,]255$`No
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo

ipv4_static_ipsec_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
interfacesListString[Regex: ^ipsec[0-9]{1,3}$]No
interfaces_variableStringRegex: ^[^"~$&+,]255$`No
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo

ipv4_static_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
next_hop_dhcpBooleantrue, falseNo
next_hop_null0Booleantrue, falseNo
next_hop_null0_distanceIntegermin: 1, max: 255No
next_hop_null0_distance_variableStringRegex: ^[^"~$&+,]255$`No
next_hop_diaBooleantrue, falseNo
next_hopsList[next_hops]No
optionalBooleantrue, falseNo
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No
track_next_hopsList[track_next_hops]No

ipv4_static_service_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No
serviceChoicesigNo

ipv6_dns_hosts (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
hostnameStringmin: 1, max: 128, matches: `^(([a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9-_][a-zA-Z0-9]).)([A-Za-z0-9]
hostname_variableStringRegex: ^[^"~$&+,]255$`No
ipsListIPNo
ips_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo

ipv6_static_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
natChoiceNAT64, NAT66No
nat_variableStringRegex: ^[^"~$&+,]255$`No
next_hop_null0Booleantrue, falseNo
next_hop_diaBooleantrue, falseNo
next_hopsList[next_hops]No
optionalBooleantrue, falseNo
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No

nat_pools (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
directionChoiceinside, outsideNo
direction_variableStringRegex: ^[^"~$&+,]255$`No
idIntegermin: 1, max: 31No
id_variableStringRegex: ^[^"~$&+,]255$`No
overloadBooleantrue, falseNo
overload_variableStringRegex: ^[^"~$&+,]255$`No
prefix_lengthIntegermin: 1, max: 31No
prefix_length_variableStringRegex: ^[^"~$&+,]255$`No
range_startIPNo
range_start_variableStringRegex: ^[^"~$&+,]255$`No
range_endIPNo
range_end_variableStringRegex: ^[^"~$&+,]255$`No
tracker_idIntegermin: 1, max: 1000No
tracker_id_variableStringRegex: ^[^"~$&+,]255$`No

nat64_pools (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 32Yes
overloadBooleantrue, falseNo
overload_variableStringRegex: ^[^"~$&+,]255$`No
range_startIPNo
range_start_variableStringRegex: ^[^"~$&+,]255$`No
range_endIPNo
range_end_variableStringRegex: ^[^"~$&+,]255$`No

omp_advertise_ipv4_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
networksList[networks]No
protocolChoicebgp, ospf, ospfv3, connected, static, network, aggregate, eigrp, lisp, isisNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringmin: 1, max: 127No
route_policy_variableStringRegex: ^[^"~$&+,]255$`No

omp_advertise_ipv6_routes (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
networksList[networks]No
protocolChoicebgp, ospf, connected, static, network, aggregateNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringmin: 1, max: 127No
route_policy_variableStringRegex: ^[^"~$&+,]255$`No

port_forwarding_rules (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
nat_pool_idIntegermin: 1, max: 31No
nat_pool_id_variableStringRegex: ^[^"~$&+,]255$`No
protocolChoicetcp, udpNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
source_ipIPNo
source_ip_variableStringRegex: ^[^"~$&+,]255$`No
source_portIntegermin: 1, max: 65535No
source_port_variableStringRegex: ^[^"~$&+,]255$`No
translate_ipIPNo
translate_ip_variableStringRegex: ^[^"~$&+,]255$`No
translate_portIntegermin: 1, max: 65535No
translate_port_variableStringRegex: ^[^"~$&+,]255$`No

route_global_exports (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
protocolChoicestatic, connected, bgp, ospfNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringNo
redistributesList[redistributes]No

route_global_imports (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
protocolChoicestatic, connected, bgp, eigrp, ospfNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringNo
redistributesList[redistributes]No

route_vpn_imports (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
protocolChoicestatic, connected, bgp, eigrp, ospfNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringNo
route_policy_variableStringRegex: ^[^"~$&+,]255$`No
source_vpn_idIntegermin: 1, max: 65530No
source_vpn_id_variableStringRegex: ^[^"~$&+,]255$`No
redistributesList[redistributes]No

services (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
addressesListIPNo
addresses_variableStringRegex: ^[^"~$&+,]255$`No
service_typeChoiceFW, IDS, IDP, netsvc1, netsvc2, netsvc3, netsvc4, TE, appqoeNo
track_enableBooleantrue, falseNo
track_enable_variableStringRegex: ^[^"~$&+,]255$`No

static_nat_rules (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
directionChoiceinside, outsideNo
direction_variableStringRegex: ^[^"~$&+,]255$`No
nat_pool_idIntegermin: 1, max: 31No
nat_pool_id_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo
source_ipIPNo
source_ip_variableStringRegex: ^[^"~$&+,]255$`No
tracker_idIntegermin: 1, max: 1000No
tracker_id_variableStringRegex: ^[^"~$&+,]255$`No
translate_ipIPNo
translate_ip_variableStringRegex: ^[^"~$&+,]255$`No

static_nat_subnet_rules (sdwan.edge_feature_templates.vpn_templates)

NameTypeConstraintMandatoryDefault Value
directionChoiceinside, outsideNo
direction_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo
prefix_lengthIntegermin: 1, max: 32No
prefix_length_variableStringRegex: ^[^"~$&+,]255$`No
source_ip_subnetIPNo
source_ip_subnet_variableStringRegex: ^[^"~$&+,]255$`No
tracker_idIntegermin: 1, max: 1000No
tracker_id_variableStringRegex: ^[^"~$&+,]255$`No
translate_ip_subnetIPNo
translate_ip_subnet_variableStringRegex: ^[^"~$&+,]255$`No

next_hops (sdwan.edge_feature_templates.vpn_templates.ipv4_static_routes)

NameTypeConstraintMandatoryDefault Value
addressIPNo
address_variableStringRegex: ^[^"~$&+,]255$`No
distanceIntegermin: 1, max: 255No
distance_variableStringRegex: ^[^"~$&+,]255$`No

track_next_hops (sdwan.edge_feature_templates.vpn_templates.ipv4_static_routes)

NameTypeConstraintMandatoryDefault Value
addressIPNo
address_variableStringRegex: ^[^"~$&+,]255$`No
distanceIntegermin: 1, max: 255No
distance_variableStringRegex: ^[^"~$&+,]255$`No
trackerStringmin: 1, max: 128No
tracker_variableStringRegex: ^[^"~$&+,]255$`No

next_hops (sdwan.edge_feature_templates.vpn_templates.ipv6_static_routes)

NameTypeConstraintMandatoryDefault Value
addressIPNo
address_variableStringRegex: ^[^"~$&+,]255$`No
distanceIntegermin: 1, max: 255No
distance_variableStringRegex: ^[^"~$&+,]255$`No

networks (sdwan.edge_feature_templates.vpn_templates.omp_advertise_ipv4_routes)

NameTypeConstraintMandatoryDefault Value
aggregate_onlyBooleantrue, falseNo
aggregate_only_variableStringRegex: ^[^"~$&+,]255$`No
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo

networks (sdwan.edge_feature_templates.vpn_templates.omp_advertise_ipv6_routes)

NameTypeConstraintMandatoryDefault Value
aggregate_onlyBooleantrue, falseNo
aggregate_only_variableStringRegex: ^[^"~$&+,]255$`No
prefixIPNo
prefix_variableStringRegex: ^[^"~$&+,]255$`No
optionalBooleantrue, falseNo

redistributes (sdwan.edge_feature_templates.vpn_templates.route_global_exports)

NameTypeConstraintMandatoryDefault Value
protocolChoicebgp, eigrp, ospfNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringNo

redistributes (sdwan.edge_feature_templates.vpn_templates.route_global_imports)

NameTypeConstraintMandatoryDefault Value
protocolChoicebgp, ospfNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringNo

redistributes (sdwan.edge_feature_templates.vpn_templates.route_vpn_imports)

NameTypeConstraintMandatoryDefault Value
protocolChoicebgp, eigrp, ospfNo
protocol_variableStringRegex: ^[^"~$&+,]255$`No
route_policyStringNo
route_policy_variableStringRegex: ^[^"~$&+,]255$`No

Examples

Example-1 : In the below example , VPN template for transport VPN is configured. vpn_id should always be set 0 since its this template is applicable to transport side and variables are configured for two dns servers. There is a host-mapping for vbond which has been configured globally. Static route is configured along with variables for nexthops.

sdwan:
edge_feature_templates:
vpn_templates:
- name: TRANSPORT_VPN
description: Transport VPN Template
ipv4_primary_dns_server_variable: vpn0_dns_primary
ipv4_secondary_dns_server_variable: vpn0_dns_secondary
vpn_name: TRANSPORT_VPN
vpn_id: 0
ipv4_dns_hosts:
- hostname: vbond.cisco.com
ips:
- 1.1.1.1
- 2.2.2.2
ipv4_static_routes:
- prefix: 0.0.0.0/0
optional: false
next_hops:
- address_variable: vpn0_ipv4_route1_nexthop1_ip
distance_variable: vpn0_ipv4_route1_nexthop1_distance
- address_variable: vpn0_ipv4_route1_nexthop2_ip
distance_variable: vpn0_ipv4_route1_nexthop2_distance

Example-2 : In the below example , VPN template for Service VPN is configured. vpn_id is set to 10 and variables are configured for two dns servers within service vpn. OMP routes are advertised to BGP as part of below configuration.

sdwan:
edge_feature_templates:
vpn_templates:
- name: SERVICE_VPN10
description: Service VPN10 Template
ipv4_primary_dns_server_variable: vpn0_dns_primary
ipv4_secondary_dns_server_variable: vpn0_dns_secondary
vpn_name: SERVICE_VPN10
vpn_id: 10
omp_advertise_ipv4_routes:
- protocol: bgp