Examples of Running-configurations for GRE-over-IPsec Tunnels

Running Configuration for CloudEOS and vEOS1

The following examples show the running configurations for two CloudEOS and vEOS Router instances (CloudEOS and vEOS1 and CloudEOS and vEOS2). The instances are the tunnel endpoints of a GRE-over-IPsec tunnel.

ip security
ike policy ikebranch1
integrity sha256
dh-group 15
!
sa policy sabranch1 
sa lifetime 2
pfs dh-group 14
!
profile hq
mode tunnel
ike-policy ikebranch1
sa-policy sabranch1
connection add
shared-key keyAristaHq 
dpd 10 50 clear
!
interface Tunnel1 
mtu 1404
ip address 1.0.3.1/24
tunnel mode gre
tunnel source 1.0.0.1
tunnel destination 1.0.0.2
tunnel ipsec profile hq
!
interface Ethernet1 
no switchport
ip address 1.0.0.1/24
!

Running Configuration for CloudEOS and vEOS2

ip security
ike policy ikebranch1
integrity sha256
dh-group 15
!
ike policy ikebranch2
dh-group 15
version 1
local-id 200.0.0.1
!
ike policy ikedefault
!
sa policy sabranch1 
sa lifetime 2
pfs dh-group 14
!
profile hq
mode tunnel
ike-policy ikebranch1
sa-policy sabranch1 
connection start
shared-key keyAristaHq
dpd 10 50 clear
!
interface Tunnel1 
mtu 1404
ip address 1.0.3.2/24 
tunnel mode gre 
tunnel source 1.0.0.2
tunnel destination 1.0.0.1
tunnel ipsec profile hq
!
interface Ethernet2 
no switchport
ip address 1.0.0.2/24
!