CloudEOS and vEOS Router (VTI IPsec Tunnel)

The IPsec tunnels represented in these examples include VTI IPsec tunnels between CloudEOS and vEOS Router instances and third party CSR router instances.

Running Configuration for CloudEOS and vEOS

ip security 
ike policy ikebranch1 
encryption aes256 
dh-group 15
!
sa policy sabranch1 
sa lifetime 2
pfs dh-group 14
!
profile hq
ike-policy ikebranch1
sa-policy sabranch1 
connection add
shared-key keyAristaHq 
dpd 10 50 clear
!

interface Tunnel1
ip address 1.0.3.1/24 
tunnel mode ipsec 
tunnel source 1.0.0.1
tunnel destination 1.0.0.2
tunnel key 100
tunnel ipsec profile hq


interface Ethernet1 
no switchport
ip address 1.0.0.1/24