Examples of Running-configurations for VTI IPsec Tunnels

The following examples show the running configurations for two CloudEOS and vEOS Router instances (CloudEOS and vEOS1 and CloudEOS and vEOS2). The instances are the tunnel endpoints of a VTI IPsec tunnel.

Running Configuration for CloudEOS and vEOS1

ip security
ike policy ikebranch1
integrity sha256
dh-group 15
!
sa policy sabranch1 
sa lifetime 2
pfs dh-group 14
!
profile hq
mode tunnel
ike-policy ikebranch1
sa-policy sabranch1
connection add
shared-key keyAristaHq
dpd 10 50 clear
!
interface Ethernet1
no switchport
ip address 1.0.0.1/24
!
interface Management1
ip address dhcp
!
interface Tunnel1 
mtu 1404
ip address 1.0.3.1/24
tunnel mode ipsec
tunnel source 1.0.0.1
tunnel destination 1.0.0.2
tunnel ipsec profile hq
!

Running Configuration for CloudEOS and vEOS2

ip security
ike policy ikebranch1
integrity sha256
dh-group 15
!
ike policy ikebranch2
dh-group 15
version 1
local-id 200.0.0.1
!
ike policy ikedefault
!
sa policy sabranch1
sa lifetime 2
pfs dh-group 14
!
profile hq
mode tunnel
ike-policy ikebranch1
sa-policy sabranch1
connection start
shared-key keyAristaHq
dpd 10 50 clear
!
interface Ethernet2 
no switchport
ip address 1.0.0.2/24
!
interface Management1 ip address dhcp
!
interface Tunnel1 
mtu 1404
ip address 1.0.3.2/24 
tunnel mode ipsec 
tunnel source 1.0.0.2
tunnel destination 1.0.0.1
tunnel ipsec profile hq
!