Service LAN VPN Feature
Configure LAN VPN feature.
Diagram
Section titled “Diagram”Classes
Section titled “Classes”service_profiles (sdwan.feature_profiles)
Section titled “service_profiles (sdwan.feature_profiles)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
lan_vpns | List | [lan_vpns] | No |
lan_vpns (sdwan.feature_profiles.service_profiles)
Section titled “lan_vpns (sdwan.feature_profiles.service_profiles)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[^&<>! "]{1,128}$ | Yes | |
description | String | No | ||
bgp | String | Regex: ^[^&<>! "]{1,128}$ | No | |
gre_routes | List | [gre_routes] | No | |
host_mappings | List | [host_mappings] | No | |
ipsec_routes | List | [ipsec_routes] | No | |
ipv4_export_route_targets | List | [ipv4_export_route_targets] | No | |
ipv4_import_route_targets | List | [ipv4_import_route_targets] | No | |
ipv4_omp_admin_distance | Integer | min: 1 , max: 255 | No | |
ipv4_omp_admin_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipv4_omp_advertise_routes | List | [ipv4_omp_advertise_routes] | No | |
ipv4_primary_dns_address | IP | No | ||
ipv4_primary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipv4_secondary_dns_address | IP | No | ||
ipv4_secondary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipv4_static_routes | List | [ipv4_static_routes] | No | |
ipv6_import_route_targets | List | [ipv6_import_route_targets] | No | |
ipv6_export_route_targets | List | [ipv6_export_route_targets] | No | |
ipv6_omp_admin_distance | Integer | min: 1 , max: 255 | No | |
ipv6_omp_admin_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipv6_omp_advertise_routes | List | [ipv6_omp_advertise_routes] | No | |
ipv6_primary_dns_address | IP | No | ||
ipv6_primary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipv6_secondary_dns_address | IP | No | ||
ipv6_secondary_dns_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ipv6_static_routes | List | [ipv6_static_routes] | No | |
nat_pools | List | [nat_pools] | No | |
nat_port_forwards | List | [nat_port_forwards] | No | |
nat64_pools | List | [nat64_pools] | No | |
ospf | String | Regex: ^[^&<>! "]{1,128}$ | No | |
route_leaks_from_global | List | [route_leaks_from_global] | No | |
route_leaks_to_global | List | [route_leaks_to_global] | No | |
route_leaks_from_service | List | [route_leaks_from_service] | No | |
sdwan_remote_access | Boolean | true , false | No | |
services | List | [services] | No | |
service_routes | List | [service_routes] | No | |
static_nat_entries | List | [static_nat_entries] | No | |
vpn_id | Integer | min: 0 , max: 65527 | No | |
vpn_id_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
vpn_name | String | min: 1 , max: 244 | No | |
vpn_name_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
gre_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “gre_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
interfaces | List | String[Regex: ^(gre|GRE)(.:){0,1}([0-9]*)$ ] | No | |
interfaces_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
network_address | IP | No | ||
network_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
subnet_mask | Choice | 255.255.255.255 , 255.255.255.254 , 255.255.255.252 , 255.255.255.248 , 255.255.255.240 , 255.255.255.224 , 255.255.255.192 , 255.255.255.128 , 255.255.255.0 , 255.255.254.0 , 255.255.252.0 , 255.255.248.0 , 255.255.240.0 , 255.255.224.0 , 255.255.192.0 , 255.255.128.0 , 255.255.0.0 , 255.254.0.0 , 255.252.0.0 , 255.240.0.0 , 255.224.0.0 , 255.192.0.0 , 255.128.0.0 , 255.0.0.0 , 254.0.0.0 , 252.0.0.0 , 248.0.0.0 , 240.0.0.0 , 224.0.0.0 , 192.0.0.0 , 128.0.0.0 , 0.0.0.0 | No | |
subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
host_mappings (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “host_mappings (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
hostname | String | min: 1 , max: 32 | No | |
hostname_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
ips | List | IP | No | |
ips_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipsec_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipsec_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
interfaces | List | String[Regex: ^(ipsec|IPSEC)(.:){0,1}([0-9]*)$ ] | No | |
interfaces_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
network_address | IP | No | ||
network_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
subnet_mask | Choice | 255.255.255.255 , 255.255.255.254 , 255.255.255.252 , 255.255.255.248 , 255.255.255.240 , 255.255.255.224 , 255.255.255.192 , 255.255.255.128 , 255.255.255.0 , 255.255.254.0 , 255.255.252.0 , 255.255.248.0 , 255.255.240.0 , 255.255.224.0 , 255.255.192.0 , 255.255.128.0 , 255.255.0.0 , 255.254.0.0 , 255.252.0.0 , 255.240.0.0 , 255.224.0.0 , 255.192.0.0 , 255.128.0.0 , 255.0.0.0 , 254.0.0.0 , 252.0.0.0 , 248.0.0.0 , 240.0.0.0 , 224.0.0.0 , 192.0.0.0 , 128.0.0.0 , 0.0.0.0 | No | |
subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv4_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv4_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
route_target | String | Regex: ^(([0-9]+\.[0-9]+)|([0-9]+)|((([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))):[0-9]+$ | No | |
route_target_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv4_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv4_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
route_target | String | Regex: ^(([0-9]+\.[0-9]+)|([0-9]+)|((([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))):[0-9]+$ | No | |
route_target_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv4_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv4_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
aggregates | List | [aggregates] | No | |
networks | List | [networks] | No | |
protocol | Choice | bgp , ospf , ospfv3 , connected , static , network , aggregate , eigrp , lisp , isis | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No |
ipv4_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv4_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
gateway | Choice | nexthop , dhcp , null0 , vpn | No | nexthop |
network_address | IP | No | ||
network_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
next_hops | List | [next_hops] | No | |
next_hops_with_tracker | List | [next_hops_with_tracker] | No | |
subnet_mask | Choice | 255.255.255.255 , 255.255.255.254 , 255.255.255.252 , 255.255.255.248 , 255.255.255.240 , 255.255.255.224 , 255.255.255.192 , 255.255.255.128 , 255.255.255.0 , 255.255.254.0 , 255.255.252.0 , 255.255.248.0 , 255.255.240.0 , 255.255.224.0 , 255.255.192.0 , 255.255.128.0 , 255.255.0.0 , 255.254.0.0 , 255.252.0.0 , 255.240.0.0 , 255.224.0.0 , 255.192.0.0 , 255.128.0.0 , 255.0.0.0 , 254.0.0.0 , 252.0.0.0 , 248.0.0.0 , 240.0.0.0 , 224.0.0.0 , 192.0.0.0 , 128.0.0.0 , 0.0.0.0 | No | |
subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv6_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv6_import_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
route_target | String | Regex: ^(([0-9]+\.[0-9]+)|([0-9]+)|((([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))):[0-9]+$ | No | |
route_target_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv6_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv6_export_route_targets (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
route_target | String | Regex: ^(([0-9]+\.[0-9]+)|([0-9]+)|((([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]))):[0-9]+$ | No | |
route_target_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
ipv6_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv6_omp_advertise_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
aggregates | List | [aggregates] | No | |
networks | List | [networks] | No | |
protocol | Choice | bgp , ospf , connected , static , network , aggregate | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No |
ipv6_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “ipv6_static_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
gateway | Choice | nexthop , nat , null0 | No | nexthop |
nat | Choice | nat64 , nat66 | No | |
nat_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
next_hops | List | [next_hops] | No | |
prefix | String | Regex: ((^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*(\/)(\b([0-9]{1,2}|1[01][0-9]|12[0-8])\b)$)) | No | |
prefix_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
nat_pools (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “nat_pools (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
direction | Choice | inside , outside | No | |
direction_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
id | Integer | min: 1 , max: 32 | No | |
id_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
overload | Boolean | true , false | No | |
overload_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
prefix_length | Integer | min: 1 , max: 32 | No | |
prefix_length_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
range_start | IP | No | ||
range_start_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
range_end | IP | No | ||
range_end_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
tracker_object | String | Regex: ^[^<! ]{1,128}$ | No |
nat_port_forwards (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “nat_port_forwards (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
nat_pool_id | Integer | min: 1 , max: 31 | No | |
nat_pool_id_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
protocol | Choice | tcp , udp | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
source_ip | IP | No | ||
source_ip_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
source_port | Integer | min: 1 , max: 65535 | No | |
source_port_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
translate_ip | IP | No | ||
translate_ip_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
translate_port | Integer | min: 1 , max: 65535 | No | |
translate_port_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
nat64_pools (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “nat64_pools (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | min: 1 , max: 32 | No | |
overload | Boolean | true , false | No | |
overload_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
range_start | IP | No | ||
range_start_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
range_end | IP | No | ||
range_end_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
route_leaks_from_global (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “route_leaks_from_global (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
protocol | Choice | static , connected , bgp , ospf | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No | |
redistributions | List | [redistributions] | No |
route_leaks_to_global (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “route_leaks_to_global (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
protocol | Choice | static , connected , bgp , ospf | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No | |
redistributions | List | [redistributions] | No |
route_leaks_from_service (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “route_leaks_from_service (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
source_vpn | Integer | min: 0 , max: 65530 | No | |
source_vpn_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
protocol | Choice | static , connected , bgp , ospf | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No | |
redistributions | List | [redistributions] | No |
services (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “services (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ipv4_addresses | List | IP | No | |
ipv4_addresses_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
service_type | Choice | fw , ids , idp , netsvc1 , netsvc2 , netsvc3 , netsvc4 , te , appqoe | No | |
service_type_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
track_enable | Boolean | true , false | No | |
track_enable_variable | String | Regex: ^[^"~ $&+,]255$` | No |
service_routes (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “service_routes (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
network_address | IP | No | ||
network_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
subnet_mask | Choice | 255.255.255.255 , 255.255.255.254 , 255.255.255.252 , 255.255.255.248 , 255.255.255.240 , 255.255.255.224 , 255.255.255.192 , 255.255.255.128 , 255.255.255.0 , 255.255.254.0 , 255.255.252.0 , 255.255.248.0 , 255.255.240.0 , 255.255.224.0 , 255.255.192.0 , 255.255.128.0 , 255.255.0.0 , 255.254.0.0 , 255.252.0.0 , 255.240.0.0 , 255.224.0.0 , 255.192.0.0 , 255.128.0.0 , 255.0.0.0 , 254.0.0.0 , 252.0.0.0 , 248.0.0.0 , 240.0.0.0 , 224.0.0.0 , 192.0.0.0 , 128.0.0.0 , 0.0.0.0 | No | |
subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
service | Choice | sig | No |
static_nat_entries (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “static_nat_entries (sdwan.feature_profiles.service_profiles.lan_vpns)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
direction | Choice | inside , outside | No | |
direction_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
nat_pool_id | Integer | min: 1 , max: 32 | No | |
nat_pool_id_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
source_ip | IP | No | ||
source_ip_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
tracker_object | String | Regex: ^[^<! ]{1,128}$ | No | |
translate_ip | IP | No | ||
translate_ip_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)
Section titled “aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
aggregate_address | IP | No | ||
aggregate_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
aggregate_only | Boolean | true , false | No | |
subnet_mask | Choice | 255.255.255.255 , 255.255.255.254 , 255.255.255.252 , 255.255.255.248 , 255.255.255.240 , 255.255.255.224 , 255.255.255.192 , 255.255.255.128 , 255.255.255.0 , 255.255.254.0 , 255.255.252.0 , 255.255.248.0 , 255.255.240.0 , 255.255.224.0 , 255.255.192.0 , 255.255.128.0 , 255.255.0.0 , 255.254.0.0 , 255.252.0.0 , 255.240.0.0 , 255.224.0.0 , 255.192.0.0 , 255.128.0.0 , 255.0.0.0 , 254.0.0.0 , 252.0.0.0 , 248.0.0.0 , 240.0.0.0 , 224.0.0.0 , 192.0.0.0 , 128.0.0.0 , 0.0.0.0 | No | |
subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
region | Choice | access , core , core-and-access | No | |
region_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)
Section titled “networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_omp_advertise_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
network_address | IP | No | ||
network_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
subnet_mask | Choice | 255.255.255.255 , 255.255.255.254 , 255.255.255.252 , 255.255.255.248 , 255.255.255.240 , 255.255.255.224 , 255.255.255.192 , 255.255.255.128 , 255.255.255.0 , 255.255.254.0 , 255.255.252.0 , 255.255.248.0 , 255.255.240.0 , 255.255.224.0 , 255.255.192.0 , 255.255.128.0 , 255.255.0.0 , 255.254.0.0 , 255.252.0.0 , 255.240.0.0 , 255.224.0.0 , 255.192.0.0 , 255.128.0.0 , 255.0.0.0 , 254.0.0.0 , 252.0.0.0 , 248.0.0.0 , 240.0.0.0 , 224.0.0.0 , 192.0.0.0 , 128.0.0.0 , 0.0.0.0 | No | |
region | Choice | access , core , core-and-access | No | |
region_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)
Section titled “next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
address | IP | No | ||
address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
administrative_distance | Integer | min: 1 , max: 255 | No | |
administrative_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
next_hops_with_tracker (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)
Section titled “next_hops_with_tracker (sdwan.feature_profiles.service_profiles.lan_vpns.ipv4_static_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
address | IP | No | ||
address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
administrative_distance | Integer | min: 1 , max: 255 | No | |
administrative_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
tracker | String | Regex: ^[^<! ]{1,128}$ | No |
aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)
Section titled “aggregates (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
aggregate_prefix | IP | No | ||
aggregate_prefix_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
aggregate_only | Boolean | true , false | No | |
region | Choice | access , core , core-and-access | No | |
region_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)
Section titled “networks (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_omp_advertise_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
prefix | IP | No | ||
prefix_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
region | Choice | access , core , core-and-access | No | |
region_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_static_routes)
Section titled “next_hops (sdwan.feature_profiles.service_profiles.lan_vpns.ipv6_static_routes)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
address | IP | No | ||
address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
administrative_distance | Integer | min: 1 , max: 255 | No | |
administrative_distance_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No |
redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_global)
Section titled “redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_global)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
protocol | Choice | bgp , ospf | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No |
redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_to_global)
Section titled “redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_to_global)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
protocol | Choice | bgp , ospf | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No |
redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_service)
Section titled “redistributions (sdwan.feature_profiles.service_profiles.lan_vpns.route_leaks_from_service)”Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
protocol | Choice | bgp , ospf | No | |
protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,64}$ | No | |
route_policy | String | Regex: ^[^<! ]{1,128}$ | No |
Examples
Section titled “Examples”Example-1: Basic LAN VPN Configuration
The example below illustrates how to configure a LAN VPN feature within a service profile. It defines the LAN VPN instance, specifying the VPN ID, static IPv4 and IPv6 routes for internal network reachability, OMP route advertisements, DNS server addresses as well as static host mapping.
sdwan: feature_profiles: service_profiles: - name: BRANCH-LAN-VPN20 description: Branch LAN VPN 20 lan_vpns: - name: BRANCH-LAN-VPN20 description: Branch LAN VPN for internal users vpn_id: 20 vpn_name: VPN20-LAN ipv4_omp_advertise_routes: - protocol: connected - protocol: static - protocol: ospf route_policy: route-policy-omp ipv4_primary_dns_address: 10.2.1.1 ipv4_secondary_dns_address: 10.2.1.2 ipv4_static_routes: - network_address: 10.10.10.0 subnet_mask: 255.255.255.0 gateway: nexthop next_hops: - address: 10.2.1.1 administrative_distance: 1 ipv6_static_routes: - prefix: 2001:0:0:2::0/64 gateway: nexthop next_hops: - address: 2001:0:0:1::1 administrative_distance: 1 ipv6_omp_advertise_routes: - protocol: connected - protocol: static ipv6_primary_dns_address: 2001:0:0:1::1 ipv6_secondary_dns_address: 2001:0:0:2::2 host_mappings: - hostname: fileserver.example ips: - 10.20.0.10 route_leaks_from_global: - protocol: connected redistributions: - protocol: ospf route_policy: import-from-global