Service LAN VPN Feature

Configure LAN VPN feature.

Diagram

Classes

service_profiles (sdwan.feature_profiles)

Name	Type	Constraint	Mandatory	Default Value
lan_vpns	List	`[lan_vpns]`	No

lan_vpns (sdwan.feature_profiles.service_profiles)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[^&<>! "]{1,128}$`	Yes
description	String		No
bgp	String	Regex: `^[^&<>! "]{1,128}$`	No
eigrp	String	Regex: `^[^&<>! "]{1,128}$`	No
ethernet_interfaces	List	`[ethernet_interfaces]`	No
gre_routes	List	`[gre_routes]`	No
host_mappings	List	`[host_mappings]`	No
ipsec_routes	List	`[ipsec_routes]`	No
ipv4_export_route_targets	List	`[ipv4_export_route_targets]`	No
ipv4_import_route_targets	List	`[ipv4_import_route_targets]`	No
ipv4_omp_admin_distance	Integer	min: `1`, max: `255`	No
ipv4_omp_admin_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_omp_advertise_routes	List	`[ipv4_omp_advertise_routes]`	No
ipv4_primary_dns_address	IP		No
ipv4_primary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_secondary_dns_address	IP		No
ipv4_secondary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_static_routes	List	`[ipv4_static_routes]`	No
ipv6_import_route_targets	List	`[ipv6_import_route_targets]`	No
ipv6_export_route_targets	List	`[ipv6_export_route_targets]`	No
ipv6_omp_admin_distance	Integer	min: `1`, max: `255`	No
ipv6_omp_admin_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_omp_advertise_routes	List	`[ipv6_omp_advertise_routes]`	No
ipv6_primary_dns_address	IP		No
ipv6_primary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_secondary_dns_address	IP		No
ipv6_secondary_dns_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_static_routes	List	`[ipv6_static_routes]`	No
nat_pools	List	`[nat_pools]`	No
nat_port_forwards	List	`[nat_port_forwards]`	No
nat64_pools	List	`[nat64_pools]`	No
ospf	String	Regex: `^[^&<>! "]{1,128}$`	No
route_leaks_from_global	List	`[route_leaks_from_global]`	No
route_leaks_to_global	List	`[route_leaks_to_global]`	No
route_leaks_from_service	List	`[route_leaks_from_service]`	No
sdwan_remote_access	Boolean	`true`, `false`	No
services	List	`[services]`	No
service_routes	List	`[service_routes]`	No
static_nat_entries	List	`[static_nat_entries]`	No
vpn_id	Integer	min: `0`, max: `65527`	No
vpn_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
vpn_name	String	min: `1`, max: `244`	No
vpn_name_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ethernet_interfaces (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[^&<>! "]{1,128}$`	Yes
description	String		No
arp_entries	List	`[arp_entries]`	No
arp_timeout	Integer	min: `0`, max: `2147483`	No
arp_timeout_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
autonegotiate	Boolean	`true`, `false`	No
autonegotiate_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
dhcp_server	String	Regex: `^[^&<>! "]{1,128}$`	No
duplex	Choice	`full`, `half`, `auto`	No
duplex_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
icmp_redirect_disable	Boolean	`true`, `false`	No
icmp_redirect_disable_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_description	String	max: `200`	No
interface_description_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_mtu	Integer	min: `1500`, max: `9216`	No
interface_mtu_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
interface_name	String	Regex: (ATM\|ATM-ACR\|AppGigabitEthernet\|AppNav-Compress\|AppNav-UnCompress\|Async\|BD-VIF\|BDI\|CEM\|CEM-ACR\|Cellular\|Dialer\|Embedded-Service-Engine\|Ethernet\|Ethernet-Internal\|FastEthernet\|FiftyGigabitEthernet\|FiveGigabitEthernet\|FortyGigabitEthernet\|FourHundredGigE\|GMPLS\|GigabitEthernet\|Group-Async\|HundredGigE\|L2LISP\|LISP\|Loopback\|MFR\|Multilink\|Port-channel\|SM\|Serial\|Service-Engine\|TenGigabitEthernet\|Tunnel\|TwentyFiveGigE\|TwentyFiveGigabitEthernet\|TwoGigabitEthernet\|TwoHundredGigE\|Vif\|Virtual-PPP\|Virtual-Template\|VirtualPortGroup\|Vlan\|Wlan-GigabitEthernet\|nat64\|nat66\|ntp\|nve\|ospfv3\|overlay\|pseudowire\|ucse\|vasileft\|vasiright\|vmi)([0-9](. ?[1-9][0-9])*\|[0-9/]+\|[0-9]+/[0-9]+/[0-9]+:[0-9]+\|[0-9]+/[0-9]+/[0-9]+\|[0-9]+/[0-9]+\|[0-9]+)	No
interface_name_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ip_directed_broadcast	Boolean	`true`, `false`	No
ip_directed_broadcast_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ip_mtu	Integer	min: `576`, max: `9216`	No
ip_mtu_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_address	IP		No
ipv4_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_configuration_type	Choice	`dynamic`, `static`	No	`static`
ipv4_dhcp_distance	Integer	min: `1`, max: `255`	No
ipv4_dhcp_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_dhcp_helpers	List	IP	No
ipv4_dhcp_helpers_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_egress_acl	String		No
ipv4_ingress_acl	String		No
ipv4_secondary_addresses	List	`[ipv4_secondary_addresses]`	No
ipv4_subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
ipv4_subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv4_tracker	String	Regex: `^[^&<>! "]{1,128}$`	No
ipv4_tracker_group	String	Regex: `^[^&<>! "]{1,128}$`	No
ipv4_vrrp_groups	List	`[ipv4_vrrp_groups]`	No
ipv6_configuration_type	Choice	`dynamic`, `static`, `none`	No	`none`
ipv6_address	IP		No
ipv6_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ipv6_dhcp_helpers	List	`[ipv6_dhcp_helpers]`	No
ipv6_dhcp_secondary_addresses	List	`[ipv6_dhcp_secondary_addresses]`	No
ipv6_secondary_addresses	List	`[ipv6_secondary_addresses]`	No
ipv6_vrrp_groups	List	`[ipv6_vrrp_groups]`	No
load_interval	Integer	min: `30`, max: `600`	No
load_interval_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
mac_address	String	Regex: `^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$`	No
mac_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
media_type	Choice	`auto-select`, `rj45`, `sfp`	No
media_type_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
shutdown	Boolean	`true`, `false`	No
shutdown_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
speed	Choice	`10`, `100`, `1000`, `2500`, `10000`	No
speed_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
shaping_rate	Integer	min: `8`, max: `100000000`	No
shaping_rate_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tcp_mss	Integer	min: `500`, max: `1460`	No
tcp_mss_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
trustsec_enable_enforced_propogation	Boolean	`true`, `false`	No
trustsec_enable_sgt_propogation	Boolean	`true`, `false`	No
trustsec_sgt	Integer	min: `2`, max: `65519`	No
trustsec_sgt_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
trustsec_propogate	Boolean	`true`, `false`	No
trustsec_enforced_sgt	Integer	min: `2`, max: `65519`	No
trustsec_enforced_sgt_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
xconnect	String		No
xconnect_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

gre_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
interfaces	List	String[Regex: `^(gre\|GRE)(.:){0,1}([0-9]*)$`]	No
interfaces_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

host_mappings (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
hostname	String	min: `1`, max: `32`	No
hostname_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
ips	List	IP	No
ips_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipsec_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
interfaces	List	String[Regex: `^(ipsec\|IPSEC)(.:){0,1}([0-9]*)$`]	No
interfaces_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
aggregates	List	`[aggregates]`	No
networks	List	`[networks]`	No
protocol	Choice	`bgp`, `ospf`, `ospfv3`, `connected`, `static`, `network`, `aggregate`, `eigrp`, `lisp`, `isis`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

ipv4_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
gateway	Choice	`nexthop`, `dhcp`, `null0`, `vpn`	No	`nexthop`
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
next_hops	List	`[next_hops]`	No
next_hops_with_tracker	List	`[next_hops_with_tracker]`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
route_target	String	Regex: `^(([0-9]+\.[0-9]+)\|([0-9]+)\|((([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5])\.){3}([0-9]\|[1-9][0-9]\|1[0-9][0-9]\|2[0-4][0-9]\|25[0-5]))):[0-9]+$`	No
route_target_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
aggregates	List	`[aggregates]`	No
networks	List	`[networks]`	No
protocol	Choice	`bgp`, `ospf`, `connected`, `static`, `network`, `aggregate`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

ipv6_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory	Default Value
gateway	Choice	`nexthop`, `nat`, `null0`	No	`nexthop`
nat	Choice	`nat64`, `nat66`	No
nat_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
next_hops	List	`[next_hops]`	No
prefix	String	Regex: ((^\s((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}\|:))\|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}\|((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3})\|:))\|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})\|:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3})\|:))\|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})\|((:[0-9A-Fa-f]{1,4})?:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})\|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})\|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})\|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:))\|(:(((:[0-9A-Fa-f]{1,4}){1,7})\|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)(\.(25[0-5]\|2[0-4]\d\|1\d\d\|[1-9]?\d)){3}))\|:)))(%.+)?\s(\/)(\b([0-9]{1,2}\|1[01][0-9]\|12[0-8])\b)$))	No
prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

nat_pools (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
direction	Choice	`inside`, `outside`	No
direction_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
id	Integer	min: `1`, max: `32`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
overload	Boolean	`true`, `false`	No
overload_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
prefix_length	Integer	min: `1`, max: `32`	No
prefix_length_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_start	IP		No
range_start_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_end	IP		No
range_end_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker_object	String	Regex: `^[^<! ]{1,128}$`	No

nat_port_forwards (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
nat_pool_id	Integer	min: `1`, max: `31`	No
nat_pool_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
protocol	Choice	`tcp`, `udp`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_ip	IP		No
source_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_port	Integer	min: `1`, max: `65535`	No
source_port_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
translate_ip	IP		No
translate_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
translate_port	Integer	min: `1`, max: `65535`	No
translate_port_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

nat64_pools (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `32`	No
name_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
overload	Boolean	`true`, `false`	No
overload_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_start	IP		No
range_start_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
range_end	IP		No
range_end_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

route_leaks_from_global (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
protocol	Choice	`static`, `connected`, `bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No
redistributions	List	`[redistributions]`	No

route_leaks_to_global (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
protocol	Choice	`static`, `connected`, `bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No
redistributions	List	`[redistributions]`	No

route_leaks_from_service (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
source_vpn	Integer	min: `0`, max: `65530`	No
source_vpn_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
protocol	Choice	`static`, `connected`, `bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No
redistributions	List	`[redistributions]`	No

services (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
ipv4_addresses	List	IP	No
ipv4_addresses_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
service_type	Choice	`fw`, `ids`, `idp`, `netsvc1`, `netsvc2`, `netsvc3`, `netsvc4`, `te`, `appqoe`	No
service_type_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
track_enable	Boolean	`true`, `false`	No
track_enable_variable	String	Regex: `^[^"~`$&+,]255$`	No

service_routes (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
service	Choice	`sig`	No
service_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

static_nat_entries (sdwan.feature_profiles.service_profiles.lan_vpns)

Name	Type	Constraint	Mandatory
direction	Choice	`inside`, `outside`	No
direction_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
nat_pool_id	Integer	min: `1`, max: `32`	No
nat_pool_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_ip	IP		No
source_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker_object	String	Regex: `^[^<! ]{1,128}$`	No
translate_ip	IP		No
translate_ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

arp_entries (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
ip_address	IP		No
ip_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
mac_address	String	Regex: `^(([a-fA-F\d]{2}:){5}[a-fA-F\d]{2})$`	No
mac_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv4_vrrp_groups (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
id	Integer	min: `1`, max: `255`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
priority	Integer	min: `1`, max: `254`	No
priority_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
secondary_addresses	List	`[secondary_addresses]`	No
timer	Integer	min: `100`, max: `40950`	No
timer_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tloc_preference_change	Boolean	`true`, `false`	No
tloc_preference_change_value	Integer	min: `100`, max: `4294967295`	No
track_omp	Boolean	`true`, `false`	No
tracking_objects	List	`[tracking_objects]`	No

ipv6_dhcp_helpers (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
vpn_id	Integer	min: `1`, max: `65536`	No
vpn_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_dhcp_secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory	Default Value
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory	Default Value
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

ipv6_vrrp_groups (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces)

Name	Type	Constraint	Mandatory
id	Integer	min: `1`, max: `255`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
global_prefix	IP		No
global_prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
link_local_address	IP		No
link_local_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
priority	Integer	min: `1`, max: `254`	No
priority_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
timer	Integer	min: `100`, max: `40950`	No
timer_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
track_omp	Boolean	`true`, `false`	No

aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)

Name	Type	Constraint	Mandatory
aggregate_address	IP		No
aggregate_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
aggregate_only	Boolean	`true`, `false`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)

Name	Type	Constraint	Mandatory
network_address	IP		No
network_address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops_with_tracker (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker	String	Regex: `^[^<! ]{1,128}$`	No

aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)

Name	Type	Constraint	Mandatory
aggregate_prefix	IP		No
aggregate_prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
aggregate_only	Boolean	`true`, `false`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)

Name	Type	Constraint	Mandatory
prefix	IP		No
prefix_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
region	Choice	`access`, `core`, `core-and-access`	No
region_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_static_routes)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
administrative_distance	Integer	min: `1`, max: `255`	No
administrative_distance_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_global)

Name	Type	Constraint	Mandatory
protocol	Choice	`bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_to_global)

Name	Type	Constraint	Mandatory
protocol	Choice	`bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_service)

Name	Type	Constraint	Mandatory
protocol	Choice	`bgp`, `ospf`	No
protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
route_policy	String	Regex: `^[^<! ]{1,128}$`	No

secondary_addresses (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces.ipv4_vrrp_groups)

Name	Type	Constraint	Mandatory
address	IP		No
address_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
subnet_mask	Choice	`255.255.255.255`, `255.255.255.254`, `255.255.255.252`, `255.255.255.248`, `255.255.255.240`, `255.255.255.224`, `255.255.255.192`, `255.255.255.128`, `255.255.255.0`, `255.255.254.0`, `255.255.252.0`, `255.255.248.0`, `255.255.240.0`, `255.255.224.0`, `255.255.192.0`, `255.255.128.0`, `255.255.0.0`, `255.254.0.0`, `255.252.0.0`, `255.240.0.0`, `255.224.0.0`, `255.192.0.0`, `255.128.0.0`, `255.0.0.0`, `254.0.0.0`, `252.0.0.0`, `248.0.0.0`, `240.0.0.0`, `224.0.0.0`, `192.0.0.0`, `128.0.0.0`, `0.0.0.0`	No
subnet_mask_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

tracking_objects (sdwan.feature_profiles.service_profiles.lan_vpns.ethernet_interfaces.ipv4_vrrp_groups)

Name	Type	Constraint	Mandatory
action	Choice	`decrement`, `shutdown`	No
action_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
decrement_value	Integer	min: `1`, max: `255`	No
decrement_value_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
tracker_object	String	Regex: `^[^&<>! "]{1,128}$`	No
tracker_object_group	String	Regex: `^[^&<>! "]{1,128}$`	No

Examples

Example-1: Basic LAN VPN Configuration

The example below illustrates how to configure a LAN VPN feature within a service profile. It defines the LAN VPN instance, specifying the VPN ID, static IPv4 and IPv6 routes for internal network reachability, OMP route advertisements, DNS server addresses as well as static host mapping.

sdwan:
  feature_profiles:
    service_profiles:
      - name: BRANCH-LAN-VPN20
        description: Branch LAN VPN 20
        lan_vpns:
          - name: BRANCH-LAN-VPN20
            description: Branch LAN VPN for internal users
            vpn_id: 20
            vpn_name: VPN20-LAN
            ipv4_omp_advertise_routes:
              - protocol: connected
              - protocol: static
              - protocol: ospf
                route_policy: route-policy-omp
            ipv4_primary_dns_address: 10.2.1.1
            ipv4_secondary_dns_address: 10.2.1.2
            ipv4_static_routes:
              - network_address: 10.10.10.0
                subnet_mask: 255.255.255.0
                gateway: nexthop
                next_hops:
                  - address: 10.2.1.1
                    administrative_distance: 1
            ipv6_static_routes:
              - prefix: 2001:0:0:2::0/64
                gateway: nexthop
                next_hops:
                  - address: 2001:0:0:1::1
                    administrative_distance: 1
            ipv6_omp_advertise_routes:
              - protocol: connected
              - protocol: static
            ipv6_primary_dns_address: 2001:0:0:1::1
            ipv6_secondary_dns_address: 2001:0:0:2::2
            host_mappings:
              - hostname: fileserver.example
                ips:
                  - 10.20.0.10
            route_leaks_from_global:
              - protocol: connected
                redistributions:
                  - protocol: ospf
                    route_policy: import-from-global