Service LAN VPN GRE Interface Feature
Configure LAN VPN GRE interface feature.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”lan_vpns (sdwan.feature_profiles.service_profiles)
Section titled “lan_vpns (sdwan.feature_profiles.service_profiles)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| gre_interfaces | List | [gre_interfaces] | No |
gre_interfaces (sdwan.feature_profiles.service_profiles.lan_vpns)
Section titled “gre_interfaces (sdwan.feature_profiles.service_profiles.lan_vpns)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[^&<>! "]{1,128}$ | Yes | |
| description | String | No | ||
| application_tunnel_type | Choice | none, sig | No | |
| application_tunnel_type_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| clear_dont_fragment | Boolean | true, false | No | |
| clear_dont_fragment_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| dpd_interval | Integer | min: 10, max: 3600 | No | |
| dpd_interval_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| dpd_retries | Integer | min: 2, max: 60 | No | |
| dpd_retries_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_cipher_suite | Choice | aes256-cbc-sha1, aes256-cbc-sha2, aes128-cbc-sha1, aes128-cbc-sha2 | No | |
| ike_cipher_suite_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_diffie_hellman_group | Choice | 2, 14, 15, 16, 19, 20, 21, 24 | No | |
| ike_diffie_hellman_group_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_id_for_local_endpoint | Integer | min: 1, max: 63 | No | |
| ike_id_for_local_endpoint_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_id_for_remote_endpoint | Integer | min: 1, max: 63 | No | |
| ike_id_for_remote_endpoint_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_integrity_protocol | Choice | main, aggressive | No | |
| ike_integrity_protocol_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_rekey_interval | Integer | min: 60, max: 86400 | No | |
| ike_rekey_interval_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ike_version | Integer | min: 1, max: 2 | No | |
| interface_description | String | max: 128 | No | |
| interface_description_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| interface_name | String | Regex: ^gre([1-9]|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])$ | No | |
| interface_name_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv4_address | IP | No | ||
| ipv4_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv4_mtu | Integer | min: 576, max: 9976 | No | |
| ipv4_mtu_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv4_subnet_mask | Choice | 255.255.255.255, 255.255.255.254, 255.255.255.252, 255.255.255.248, 255.255.255.240, 255.255.255.224, 255.255.255.192, 255.255.255.128, 255.255.255.0, 255.255.254.0, 255.255.252.0, 255.255.248.0, 255.255.240.0, 255.255.224.0, 255.255.192.0, 255.255.128.0, 255.255.0.0, 255.254.0.0, 255.252.0.0, 255.240.0.0, 255.224.0.0, 255.192.0.0, 255.128.0.0, 255.0.0.0, 254.0.0.0, 252.0.0.0, 248.0.0.0, 240.0.0.0, 224.0.0.0, 192.0.0.0, 128.0.0.0, 0.0.0.0 | No | |
| ipv4_subnet_mask_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv4_tcp_mss | Integer | min: 500, max: 1460 | No | |
| ipv4_tcp_mss_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv6_address | IP | No | ||
| ipv6_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv6_mtu | Integer | min: 1280, max: 9976 | No | |
| ipv6_mtu_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipv6_tcp_mss | Integer | min: 40, max: 1454 | No | |
| ipv6_tcp_mss_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipsec_cipher_suite | Choice | aes256-cbc-sha1, aes256-cbc-sha384, aes256-cbc-sha256, aes256-cbc-sha512, aes256-gcm, null-sha1, null-sha384, null-sha256, null-sha512 | No | |
| ipsec_cipher_suite_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipsec_rekey_interval | Integer | min: 120, max: 2592000 | No | |
| ipsec_rekey_interval_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| ipsec_replay_window | Integer | min: 64, max: 4096 | No | |
| ipsec_replay_window_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| perfect_forward_secrecy | Choice | group-1, group-2, group-5, group-14, group-15, group-16, group-19, group-20, group-21, group-24, none | No | |
| perfect_forward_secrecy_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| preshared_key_for_ike | String | min: 1, max: 127 | No | |
| preshared_key_for_ike_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| shutdown | Boolean | true, false | No | |
| shutdown_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_destination_ipv4_address | IP | No | ||
| tunnel_destination_ipv4_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_destination_ipv6_address | IP | No | ||
| tunnel_destination_ipv6_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_mode | Choice | ipv4, ipv6 | No | |
| tunnel_route_via_loopback | String | min: 1, max: 32 | No | |
| tunnel_route_via_loopback_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_source_interface | String | min: 1, max: 32 | No | |
| tunnel_source_interface_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_source_interface_loopback | String | min: 1, max: 32 | No | |
| tunnel_source_interface_loopback_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_source_ipv4_address | IP | No | ||
| tunnel_source_ipv4_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_source_ipv6_address | IP | No | ||
| tunnel_source_ipv6_address_variable | String | Regex: ^[./\[\]a-zA-Z0-9_-]{1,128}$ | No | |
| tunnel_protection | Boolean | true, false | No |
Examples
Section titled “Examples”Example-1: This example demonstrates how to configure a service GRE interface feature within a LAN VPN in a service profile. It defines GRE tunnels in the LAN VPN context for SD-WAN, enabling traffic routing between different endpoints through an encapsulated GRE tunnel.
sdwan: feature_profiles: service_profiles: - name: service1 lan_vpns: - name: service_lan_vpn1 description: lan_vpn1_test vpn_id: 1 vpn_name: VPN1 gre_interfaces: - name: lan_interface_gre description: LAN GRE Interface application_tunnel_type: none clear_dont_fragment: false interface_name: gre1 interface_description: gre1 interface ipv4_address: 70.1.1.1 ipv4_subnet_mask: 255.255.255.0 ipv4_mtu: 1500 ipv4_tcp_mss: 1460 shutdown: false tunnel_source_ipv4_address: 10.0.0.1 tunnel_destination_ipv4_address: 10.0.0.10