autovpn-edge.cfg
!RANCID-CONTENT-TYPE: arista
! Configuration listing for the device named autovpn-edge (see "hostname" below).
! NOTE(review): the addresses and keys in this listing look like lab/sample
! values - confirm before reusing any of them in a production deployment.
!
vlan internal order ascending range 1006 1199
!
transceiver qsfp default-mode 4x10G
!
! Selects the multi-agent routing protocol model.
service routing protocols model multi-agent
!
hostname autovpn-edge
!
! Dynamic path selection: one path-group (INET) over Ethernet1, protected by
! the AUTOVPN IPsec profile, with two static peers named autovpn-rr1/rr2.
router path-selection
!
path-group INET id 101
! Traffic in this path-group uses the IPsec profile defined under "ip security".
ipsec profile AUTOVPN
!
local interface Ethernet1
! References the two server profiles defined in the "stun" section of this file.
stun server-profile autovpn-rr1-INET-0 autovpn-rr2-INET-0
!
! NOTE(review): dynamic peers are allowed in addition to the static ones below.
! The only tunnel authentication visible in this listing is the shared key of
! the AUTOVPN profile, so the handling of that key decides who can join -
! confirm against the intended trust model.
peer dynamic
!
peer static router-ip 192.168.31.1
name autovpn-rr1
ipv4 address 10.7.7.7
!
peer static router-ip 192.168.31.2
name autovpn-rr2
ipv4 address 10.8.8.8
!
! Single-member load-balance policy: only path-group INET is listed.
load-balance policy LBPOLICY
path-group INET
!
! Catch-all policy: default-match sends everything to LBPOLICY.
policy dps-policy-default
default-match
load-balance LBPOLICY
!
vrf default
path-selection-policy dps-policy-default
!
spanning-tree mode none
!
! NOTE(review): no enable password is set, so entering privileged mode is not
! gated by a separate secret. Access control then depends entirely on user and
! AAA configuration, and no "username" or "aaa" authentication lines appear in
! this listing - confirm how administrative access is meant to be controlled.
no enable password
! Removes any password for the root account.
no aaa root
!
! Declares the management VRF; routing is disabled in it further down
! ("no ip routing vrf MGMT").
vrf instance MGMT
!
! IPsec settings used by path-group INET and by the key controller.
ip security
!
! NOTE(review): the IKE policy sets only a local-id. No encryption, integrity
! or DH group is selected here, so the platform defaults apply - confirm that
! the defaults of the EOS release in use meet your crypto baseline, or pin the
! algorithms explicitly.
ike policy AUTOVPN-IKE
local-id 192.168.30.1
!
! NOTE(review): the SA policy is empty as well and likewise relies on default
! algorithms and lifetimes - TODO confirm.
sa policy AUTOVPN-SA
!
profile AUTOVPN
ike-policy AUTOVPN-IKE
sa-policy AUTOVPN-SA
connection start
! NOTE(review): the "7" prefix marks a reversibly obfuscated secret, not a
! one-way hash. Anyone who can read this file should be assumed able to
! recover the pre-shared key. Keep real keys out of version control, and
! rotate any key that has been committed or published. The value below looks
! like a sample placeholder - confirm.
shared-key 7 ABCDEF1234567890
! Dead-peer detection with action "clear"; presumably 10 is the interval and
! 50 the timeout in seconds - verify against the EOS command reference.
dpd 10 50 clear
mode transport
!
! The key controller reuses the same AUTOVPN profile.
key controller
profile AUTOVPN
!
! Path-selection interface; caps the IPv4 TCP MSS at 1000 bytes.
interface Dps1
description DPS Interface
tcp mss ceiling ipv4 1000
!
! Routed port that path-group INET uses as its local interface.
! NOTE(review): the address and the default route are both taken from DHCP, so
! whatever answers DHCP on this segment is trusted for underlay routing. No
! ACL or other filtering is applied to this interface in this listing -
! confirm what is allowed to reach the device from this side.
interface Ethernet1
no shutdown
no switchport
ip address dhcp
dhcp client accept default-route
!
! 192.168.30.1 is also the IKE local-id and the BGP router-id in this file.
interface Loopback0
description Router_ID
no shutdown
ip address 192.168.30.1/32
!
! VXLAN tunnel endpoint sourced from Loopback0; maps VRF default to VNI 1.
interface Vxlan1
description autovpn-edge_VTEP
vxlan source-interface Loopback0
vxlan udp-port 4789
vxlan vrf default vni 1
!
! IPv4 routing is enabled in the default VRF and explicitly disabled in MGMT.
ip routing
no ip routing vrf MGMT
!
! Multihop BFD timers; BFD is enabled for the BGP peer group
! ("neighbor WAN-OVERLAY-PEERS bfd").
router bfd
multihop interval 300 min-rx 300 multiplier 3
!
! BGP AS 65000. The peer group uses remote-as 65000 as well, so both neighbors
! (192.168.31.1 / 192.168.31.2, described as autovpn-rr1 / autovpn-rr2) are
! iBGP sessions sourced from Loopback0.
router bgp 65000
router-id 192.168.30.1
maximum-paths 4 ecmp 4
update wait-install
no bgp default ipv4-unicast
neighbor WAN-OVERLAY-PEERS peer group
neighbor WAN-OVERLAY-PEERS remote-as 65000
neighbor WAN-OVERLAY-PEERS update-source Loopback0
neighbor WAN-OVERLAY-PEERS bfd
! NOTE(review): session password stored as type 7, which is reversible
! obfuscation rather than a hash. Treat a type-7 string that has been
! committed or published as disclosed: rotate it on every peer in the group
! and keep the replacement out of version control.
neighbor WAN-OVERLAY-PEERS password 7 htm4AZe9mIQOO1uiMuGgYQ==
neighbor WAN-OVERLAY-PEERS send-community
! NOTE(review): presumably 0 disables the received-route limit. If so, nothing
! caps the number of routes accepted from these peers - confirm this is
! intended.
neighbor WAN-OVERLAY-PEERS maximum-routes 0
neighbor 192.168.31.1 peer group WAN-OVERLAY-PEERS
neighbor 192.168.31.1 description autovpn-rr1
neighbor 192.168.31.2 peer group WAN-OVERLAY-PEERS
neighbor 192.168.31.2 description autovpn-rr2
!
! The peer group is activated for EVPN and path-selection only; IPv4 unicast
! is explicitly left inactive.
address-family evpn
neighbor WAN-OVERLAY-PEERS activate
!
address-family ipv4
no neighbor WAN-OVERLAY-PEERS activate
!
address-family path-selection
bgp additional-paths receive
bgp additional-paths send any
neighbor WAN-OVERLAY-PEERS activate
!
! HTTP command API (eAPI), restricted to the https protocol.
! NOTE(review): "no shutdown" appears both at the top level and under
! "vrf MGMT". Confirm in which VRFs the API actually listens: the default VRF
! contains Ethernet1, which takes its address and default route from DHCP.
! No client ACL and no certificate/TLS profile are configured for the API in
! this listing, and no users are defined, so verify who can reach it and how
! callers authenticate.
management api http-commands
protocol https
no shutdown
!
vrf MGMT
no shutdown
!
! STUN client profiles referenced by path-group INET. The addresses match the
! "ipv4 address" values of static peers autovpn-rr1 and autovpn-rr2.
stun
client
server-profile autovpn-rr1-INET-0
ip address 10.7.7.7/31
server-profile autovpn-rr2-INET-0
ip address 10.8.8.8/31
!
end