
interface ipsec

vpn interface ipsec—Configure an IKE-enabled IPsec tunnel that provides authentication and encryption to ensure secure packet transport (on vEdge routers only). You can create the IPsec tunnel in the transport VPN (VPN 0) and in any service VPN (VPN 1 through 65530, except for 512).

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN Interface IPsec

Command Hierarchy

vpn vpn-id
  interface ipsecnumber
    dead-peer-detection interval seconds retries number
    description text
    ike
      authentication-type type
        local-id id
        pre-shared-secret password 
        remote-id id
      cipher-suite suite
      group number
      mode mode
      rekey seconds
      version number
    ip address ipv4-prefix/length
    ipsec 
      cipher-suite suite
      perfect-forward-secrecy pfs-setting      
      rekey seconds
      replay-window number
    mtu bytes
    [no] shutdown
    tcp-mss-adjust bytes
    tunnel-destination (dns-name | ipv4-address)
    (tunnel-source ip-address | tunnel-source-interface interface-name)

Options

Interface Description
  description text
  Text description of the ipsec interface. The text can be a maximum of 128 characters. If it includes spaces, enclose the entire string in quotation marks (" ").

Interface Name
  ipsecnumber
  Number of the ipsec interface.
  Range: 1 through 255

Example

Configure IKEv1 on a router:

vEdge# show running-config vpn 1 interface ipsec1
vpn 1
 interface ipsec1
  ip address 10.1.1.1/30
  tunnel-source       10.1.15.15
  tunnel-destination  10.1.16.16
  dead-peer-detection interval 10 retries 3
  ike
   version     1
   mode         main
   rekey       14400
   cipher-suite aes256-sha1
   group       16
   authentication-type
    pre-shared-key
     pre-shared-secret viptela
    !
   !
  !
  ipsec
   rekey         14400
   replay-window 512
   cipher-suite  aes256-cbc-sha1
  !
  flow-control        autoneg
  no clear-dont-fragment
  no pmtu
  mtu                 1500
  autonegotiate
  shutdown
  arp-timeout         1200
  no block-non-source-ip
 !
!
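
Added example (not Cisco or Viptela code): a small Python check that parses `show running-config` output in the layout shown above and lists settings to review before the tunnel goes into service. The sample is the configuration above, trimmed; the function names `parse` and `audit` and the `MIN_SECRET_LEN` threshold are assumptions made for this illustration.

```python
# Constructed sample: the running-config from the Example section, trimmed.
SAMPLE = """\
vpn 1
 interface ipsec1
  ike
   version     1
   authentication-type
    pre-shared-key
     pre-shared-secret viptela
    !
   !
  !
  ipsec
   cipher-suite  aes256-cbc-sha1
  !
  shutdown
 !
!
"""
MIN_SECRET_LEN = 20  # assumed local policy, not a value from the documentation

def parse(text):
    """Flatten the indented config into {(section, ..., keyword): value}."""
    rows = [(len(l) - len(l.lstrip()), l.split()) for l in text.splitlines()
            if l.strip() and l.strip() != "!"]  # "!" only closes a block
    stack, leaves = [], {}
    for i, (depth, words) in enumerate(rows):
        while stack and stack[-1][0] >= depth:  # leave sections we dedented out of
            stack.pop()
        if i + 1 < len(rows) and rows[i + 1][0] > depth:  # has children: a section
            stack.append((depth, " ".join(words)))
        else:
            leaves[tuple(n for _, n in stack) + (words[0],)] = " ".join(words[1:])
    return leaves

def audit(text):
    """Return (interface, finding) pairs for settings that deserve a review."""
    cfg, out = parse(text), []
    ifaces = {p[:2] for p in cfg if len(p) > 2 and p[1].startswith("interface ipsec")}
    for vpn, ifc in sorted(ifaces):
        get = lambda *keys: cfg.get((vpn, ifc) + keys)
        secret = get("ike", "authentication-type", "pre-shared-key", "pre-shared-secret")
        checks = [
            (secret is not None and len(secret) < MIN_SECRET_LEN, "short pre-shared-secret"),
            (get("ike", "version") == "1", "IKE version 1"),
            (get("ipsec", "perfect-forward-secrecy") is None, "no explicit perfect-forward-secrecy"),
            (get("shutdown") is not None, "interface is shut down"),
        ]
        out += [(f"{vpn} {ifc}", msg) for hit, msg in checks if hit]
    return out
```

Calling `audit(SAMPLE)` returns four findings for `vpn 1 interface ipsec1`; a configuration with a long secret, an explicit `perfect-forward-secrecy` line, a different IKE version and `no shutdown` returns none.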

Release Information

Command introduced in Viptela Software Release 17.2.
Support for IPsec tunnels in VPN 0 added in Release 18.2.

Additional Information

See the Configuring IKE-Enabled IPsec Tunnels article for your software release.
