Service LAN VPN Feature

Configure LAN VPN feature.

Diagram

Classes

service_profiles (sdwan.feature_profiles)

Name	Type	Constraint	Mandatory	Default Value
lan_vpns	List	`[lan_vpns]`	No

lan_vpns (sdwan.feature_profiles.service_profiles)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[^&<>! "]{1,128}$`	Yes
description	String		No
bgp	String	Regex: `^[^&<>! "]{1,128}$`	No
gre_routes	List	`[gre_routes]`	No
host_mappings	List	`[host_mappings]`	No
ipsec_routes	List	`[ipsec_routes]`	No
ipv4_export_route_targets	List	`[ipv4_export_route_targets]`	No
ipv4_import_route_targets	List	`[ipv4_import_route_targets]`	No
ipv4_omp_admin_distance	Integer	min: `1`, max: `255`	No
ipv4_omp_admin_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_omp_advertise_routes	List	`[ipv4_omp_advertise_routes]`	No
ipv4_primary_dns_address	IP		No
ipv4_primary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_secondary_dns_address	IP		No
ipv4_secondary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_static_routes	List	`[ipv4_static_routes]`	No
ipv6_import_route_targets	List	`[ipv6_import_route_targets]`	No
ipv6_export_route_targets	List	`[ipv6_export_route_targets]`	No
ipv6_omp_admin_distance	Integer	min: `1`, max: `255`	No
ipv6_omp_admin_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_omp_advertise_routes	List	`[ipv6_omp_advertise_routes]`	No
ipv6_primary_dns_address	IP		No
ipv6_primary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_secondary_dns_address	IP		No
ipv6_secondary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_static_routes	List	`[ipv6_static_routes]`	No
nat_pools	List	`[nat_pools]`	No
nat_port_forwards	List	`[nat_port_forwards]`	No
nat64_pools	List	`[nat64_pools]`	No
ospf	String	Regex: `^[^&<>! "]{1,128}$`	No
route_leaks_from_global	List	`[route_leaks_from_global]`	No
route_leaks_to_global	List	`[route_leaks_to_global]`	No
route_leaks_from_service	List	`[route_leaks_from_service]`	No
sdwan_remote_access	Boolean	`true`, `false`	No
services	List	`[services]`	No
service_routes	List	`[service_routes]`	No
static_nat_entries	List	`[static_nat_entries]`	No
vpn_id	Integer	min: `0`, max: `65527`	No
vpn_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
vpn_name	String	min: `1`, max: `244`	No
vpn_name_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

gre_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
interfaces	List	String[Regex: `^(gre\|GRE)(.:){0,1}([0-9]*)$`]	No
interfaces_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

host_mappings (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
hostname	String	min: `1`, max: `32`	No
hostname_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ips	List	IP	No
ips_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipsec_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
interfaces	List	String[Regex: `^(ipsec\|IPSEC)(.:){0,1}([0-9]*)$`]	No
interfaces_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
aggregates	List	`[aggregates]`	No
networks	List	`[networks]`	No
protocol	Choice	`bgp`, `ospf`, `ospfv3`, `connected`, `static`, `network`, `aggregate`, `eigrp`, `lisp`, `isis`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

ipv4_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
gateway	Choice	`nexthop`, `dhcp`, `null0`, `vpn`	No	`nexthop`
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
next_hops	List	`[next_hops]`	No
next_hops_with_tracker	List	`[next_hops_with_tracker]`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
aggregates	List	`[aggregates]`	No
networks	List	`[networks]`	No
protocol	Choice	`bgp`, `ospf`, `connected`, `static`, `network`, `aggregate`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

ipv6_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
gateway	Choice	`nexthop`, `nat`, `null0`	No	`nexthop`
nat	Choice	`nat64`, `nat66`	No
nat_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
next_hops	List	`[next_hops]`	No
prefix	String	Regex: ((^\s((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}\|:))\|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}\|((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3})\|:))\|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})\|:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3})\|:))\|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})\|((:[0-9A-Fa-f]{1,4})?:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})\|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})\|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})\|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(:(((:[0-9A-Fa-f]{1,4}){1,7})\|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:)))(%.+)?\s(\/)(\b([0-9]{1,2}\|1[01][0-9]\|12[0-8])\b)$))	No
prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

nat_pools (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
direction	Choice	`inside`, `outside`	No
direction_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
id	Integer	min: `1`, max: `32`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
overload	Boolean	`true`, `false`	No
overload_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
prefix_length	Integer	min: `1`, max: `32`	No
prefix_length_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_start	IP		No
range_start_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_end	IP		No
range_end_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker_object	String	Regex: `^[^<! ]{1,128}$`	No

nat_port_forwards (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
nat_pool_id	Integer	min: `1`, max: `31`	No
nat_pool_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
protocol	Choice	`tcp`, `udp`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_ip	IP		No
source_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_port	Integer	min: `1`, max: `65535`	No
source_port_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
translate_ip	IP		No
translate_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
translate_port	Integer	min: `1`, max: `65535`	No
translate_port_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

nat64_pools (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `32`	No
overload	Boolean	`true`, `false`	No
overload_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_start	IP		No
range_start_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_end	IP		No
range_end_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

route_leaks_from_global (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
protocol	Choice	`static`, `connected`, `bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No
redistributions	List	`[redistributions]`	No

route_leaks_to_global (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
protocol	Choice	`static`, `connected`, `bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No
redistributions	List	`[redistributions]`	No

route_leaks_from_service (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
source_vpn	Integer	min: `0`, max: `65530`	No
source_vpn_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
protocol	Choice	`static`, `connected`, `bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No
redistributions	List	`[redistributions]`	No

services (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
ipv4_addresses	List	IP	No
ipv4_addresses_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
service_type	Choice	`fw`, `ids`, `idp`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `te`, `appqoe`	No
service_type_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
track_enable	Boolean	`true`, `false`	No
track_enable_variable	String	Regex: `^[^"~`$&+,]255$`	No

service_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
service	Choice	`sig`	No

static_nat_entries (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
direction	Choice	`inside`, `outside`	No
direction_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
nat_pool_id	Integer	min: `1`, max: `32`	No
nat_pool_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_ip	IP		No
source_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker_object	String	Regex: `^[^<! ]{1,128}$`	No
translate_ip	IP		No
translate_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)

Name	Type	Constraint	Mandatory
aggregate_address	IP		No
aggregate_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
aggregate_only	Boolean	`true`, `false`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)

Name	Type	Constraint	Mandatory
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops_with_tracker (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker	String	Regex: `^[^<! ]{1,128}$`	No

aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)

Name	Type	Constraint	Mandatory
aggregate_prefix	IP		No
aggregate_prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
aggregate_only	Boolean	`true`, `false`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)

Name	Type	Constraint	Mandatory
prefix	IP		No
prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_global)

Name	Type	Constraint	Mandatory
protocol	Choice	`bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_to_global)

Name	Type	Constraint	Mandatory
protocol	Choice	`bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_service)

Name	Type	Constraint	Mandatory
protocol	Choice	`bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

Examples

Example-1: Basic LAN VPN Configuration

The example below illustrates how to configure a LAN VPN feature within a service profile. It defines the LAN VPN instance, specifying the VPN ID, static IPv4 and IPv6 routes for internal network reachability, OMP route advertisements, DNS server addresses as well as static host mapping.

sdwan:
  feature_profiles:
    service_profiles:
      - name: BRANCH-LAN-VPN20
        description: Branch LAN VPN 20
        lan_vpns:
          - name: BRANCH-LAN-VPN20
            description: Branch LAN VPN for internal users
            vpn_id: 20
            vpn_name: VPN20-LAN
            ipv4_omp_advertise_routes:
              - protocol: connected
              - protocol: static
              - protocol: ospf
                route_policy: route-policy-omp
            ipv4_primary_dns_address: 10.2.1.1
            ipv4_secondary_dns_address: 10.2.1.2
            ipv4_static_routes:
              - network_address: 10.10.10.0
                subnet_mask: 255.255.255.0
                gateway: nexthop
                next_hops:
                  - address: 10.2.1.1
                    administrative_distance: 1
            ipv6_static_routes:
              - prefix: 2001:0:0:2::0/64
                gateway: nexthop
                next_hops:
                  - address: 2001:0:0:1::1
                    administrative_distance: 1
            ipv6_omp_advertise_routes:
              - protocol: connected
              - protocol: static
            ipv6_primary_dns_address: 2001:0:0:1::1
            ipv6_secondary_dns_address: 2001:0:0:2::2
            host_mappings:
              - hostname: fileserver.example
                ips:
                  - 10.20.0.10
            route_leaks_from_global:
              - protocol: connected
                redistributions:
                  - protocol: ospf
                    route_policy: import-from-global