Hub-Spoke-Configuration-File

The document outlines the configuration settings for a HUB and SPOKE VPN setup, detailing the configurations for phase 1 and phase 2 interfaces, system interfaces, BGP routing, and firewall policies for both the HUB and multiple SPOKE locations. It specifies parameters such as IKE version, proposals, authentication methods, IP addresses, and access controls. Additionally, it includes firewall policies that manage traffic between LAN and VPN interfaces.


HUB and SPOKE Configuration

=============================================================================================
=============================================================================================
# HUB phase 1 (IKE SA) for the dial-up tunnel "advpn"; the two spoke phase 1 blocks
# further down must agree with this one on version, proposal, DH group and PSK.
config vpn ipsec phase1-interface
edit advpn
set ike-version 2
# NOTE(review): des-md5 selects single-DES encryption with MD5 integrity, both long
# deprecated; replace with an AES/SHA-2 proposal on the hub and on every spoke at the
# same time, otherwise phase 1 will no longer match.
set proposal des-md5
# NOTE(review): DH group 5 is 1536-bit MODP, below current recommendations; group 14 or
# higher is the usual minimum. Must also be changed on the spokes.
set dhgrp 5
set authmethod psk
# NOTE(review): sample pre-shared key. With "peertype any" below, this single secret is
# the only thing authenticating a dial-up peer, so a long random value is required in
# production; the same key is repeated in both spoke configs.
set psksecret test123
# NAT traversal off: a spoke behind NAT would not be able to bring the tunnel up.
set nattraversal disable
# IKE SA lifetime: 24 h.
set keylife 86400
# Dead peer detection only when there is traffic to send; 3 retries, 20 s apart.
set dpd on-demand
set dpd-retrycount 3
set dpd-retryinterval 20
set interface port1
# Dial-up hub: accepts phase 1 from any peer address/ID that presents the PSK.
set type dynamic
set peertype any
# One shared tunnel interface for all spokes and no routes injected from IKE;
# reachability is left to BGP (see "config router bgp" below).
set net-device disable
set add-route disable
# Tunnel-interface IPs are exchanged with the peer (used by ADVPN; confirm it is wanted).
set exchange-interface-ip enable
next
end

# HUB phase 2 (child SA) bound to phase 1 "advpn".
config vpn ipsec phase2-interface


edit advpn
set encapsulation tunnel-mode
# NOTE(review): same deprecated DES/MD5 proposal as phase 1; change on all peers together.
set proposal des-md5
# NOTE(review): PFS off, so child-SA keys derive only from the phase 1 DH exchange and a
# compromise of the IKE SA keys exposes every child SA negotiated under it. Enable on
# hub and spokes at the same time.
set pfs disable
# Rekey the child SA every 12 h.
set keylife-type seconds
set keylifeseconds 43200
# Hub does not send phase 2 keepalives; the spokes use auto-negotiate instead.
set keepalive disable
set phase1name advpn
next
end

# Tunnel interface for "advpn": the hub is 172.16.1.1 in the 172.16.1.0/24 overlay.
config system interface


edit advpn
set ip 172.16.1.1/32
# remote-ip carries a /24 mask, presumably so the whole overlay is reachable over the
# tunnel interface (the spokes set their remote-ip to 172.16.1.1, this hub) — confirm.
set remote-ip 172.16.1.254/24
# Only ICMP echo is accepted on the tunnel interface; no admin protocol is exposed here.
set allowaccess ping
set type tunnel
set interface port1
next
end

# HUB BGP: one iBGP AS (65000); the hub reflects routes between spoke peers that are
# learned dynamically from the tunnel overlay.
config router bgp


set as 65000
set router-id 10.0.1.254
set ibgp-multipath enable

# Peer template applied to every dynamic neighbour matched by "neighbor-range" below.
config neighbor-group
edit advpn-peers
set remote-as 65000
set interface advpn
set update-source advpn
# Spoke prefixes are reflected to the other spokes (spoke-to-spoke reachability).
set route-reflector-client enable
next
end
# Any address in 172.16.1.0/24 may open an iBGP session using the template above.
# NOTE(review): no neighbour password and no inbound prefix filtering is configured in
# this block, so a peer that passes IPsec authentication can advertise whatever prefixes
# it likes to the whole overlay; add neighbour authentication / prefix-lists if that is
# not acceptable.
config neighbor-range
edit 1
set prefix 172.16.1.0 255.255.255.0
set neighbor-group advpn-peers
next
end
# Prefix originated by the hub (presumably its LAN behind port3 — confirm).
config network
edit 1
set prefix 10.0.1.0 255.255.255.0
next
end
end

# HUB policy 1: LAN (port3) -> tunnel, any source, any destination, any service.
config firewall policy


edit 1
set name LAN-to-VPN
set srcintf port3
set dstintf advpn
set action accept
# NOTE(review): all/all/ALL permits every flow in this direction; restrict to the LAN
# and overlay address objects and the services actually needed once they are known.
set srcaddr all
set dstaddr all
set schedule always
set service ALL
# Every session on this policy is logged.
set logtraffic all
set status enable
# No "next" before "end" here, unlike the VPN blocks above — presumably "end" still
# commits the open entry; confirm on the target FortiOS version.
end

# HUB policy 2: tunnel -> LAN (port3), mirror of policy 1.
config firewall policy


edit 2
set name VPN-to-LAN
set srcintf advpn
set dstintf port3
set action accept
# NOTE(review): traffic arriving from any spoke may reach any LAN host on any service;
# this is the policy to tighten first if the LAN hosts sensitive services.
set srcaddr all
set dstaddr all
set schedule always
set service ALL
# Every session on this policy is logged.
set logtraffic all
set status enable
end

# HUB policy 4: tunnel -> tunnel. Lets traffic from one spoke hairpin through the hub to
# another spoke; without it spoke-to-spoke routes reflected by BGP would be unusable.
# (Policy ID 3 is skipped; IDs 1, 2 and 4 are used.)
config firewall policy


edit 4
set name VPN-to-VPN
set srcintf advpn
set dstintf advpn
set action accept
# NOTE(review): unrestricted spoke-to-spoke forwarding; narrow the address objects and
# services if sites are not meant to reach each other fully.
set srcaddr all
set dstaddr all
set schedule always
set service ALL
set logtraffic all
set status enable
end
----------------------------------------------------------------------
DC-Spoke Configuration:
# DC spoke phase 1: static tunnel to the hub; crypto parameters mirror the hub block.
config vpn ipsec phase1-interface
edit advpn
set ike-version 2
# NOTE(review): deprecated DES/MD5 proposal and 1536-bit DH group 5 — same remarks as on
# the hub; all three peers must be changed together.
set proposal des-md5
set dhgrp 5
set authmethod psk
# NOTE(review): sample PSK shared with the hub and the BR spoke; replace in production.
set psksecret test123
set nattraversal disable
set keylife 86400
# Spoke probes the hub whenever the tunnel is idle (the hub uses on-demand).
set dpd on-idle
set dpd-retrycount 3
set dpd-retryinterval 20
set interface port1
# Spoke dials out to a fixed gateway (presumably the hub's port1 address — confirm).
set type static
set peertype any
set remote-gw 192.168.1.1
# Own tunnel interface on the spoke side; interface IPs exchanged with the hub.
set net-device enable
set exchange-interface-ip enable
next
end

# DC spoke phase 2 bound to "advpn"; brings the tunnel up without waiting for traffic.
config vpn ipsec phase2-interface


edit advpn
set encapsulation tunnel-mode
# NOTE(review): deprecated DES/MD5 proposal and PFS off — same remarks as on the hub.
set proposal des-md5
set pfs disable
# Child SA rekeyed every 12 h, matching the hub.
set keylife-type seconds
set keylifeseconds 43200
set phase1name advpn
# Spoke initiates and keeps the SA negotiated instead of relying on hub keepalives.
set auto-negotiate enable
next
end

# DC spoke tunnel interface: 172.16.1.2 in the overlay, hub (172.16.1.1) as remote end.
config system interface


edit advpn
set ip 172.16.1.2/32
set remote-ip 172.16.1.1/24
# Only ICMP echo accepted on the tunnel interface.
set allowaccess ping
set type tunnel
set interface port1
next
end

# DC spoke BGP: iBGP (AS 65000) with one static neighbour, the hub's tunnel address.
config router bgp


set as 65000
set router-id 10.0.2.254
set ibgp-multipath enable
# NOTE(review): no neighbour password configured here either; pair with the hub if
# session authentication is added.
config neighbor
edit 172.16.1.1
set remote-as 65000
set interface advpn
set update-source advpn
next
end
# Prefix originated by this spoke (presumably its LAN behind port3 — confirm).
config network
edit 1
set prefix 10.0.2.0 255.255.255.0
next
end
end

# DC spoke policy 2: LAN (port3) -> tunnel, any/any/ALL.
config firewall policy


edit 2
set name LAN-to-VPN
set srcintf port3
set dstintf advpn
set action accept
# NOTE(review): unrestricted; narrow address objects and services once known.
set srcaddr all
set dstaddr all
set schedule always
set service ALL
set logtraffic all
set status enable
end

# DC spoke policy 3: tunnel -> LAN (port3), any/any/ALL. Anything reachable over the
# overlay (hub LAN and, via hub policy 4, the other spoke) can reach this LAN.
config firewall policy


edit 3
set name VPN-to-LAN
set srcintf advpn
set dstintf port3
set action accept
set srcaddr all
set dstaddr all
set schedule always
set service ALL
set logtraffic all
set status enable
end
================================================================
BR-Spoke Configuration:

# BR spoke phase 1: identical to the DC spoke block apart from nothing — same gateway,
# same PSK, same crypto; the remarks on the hub block apply here as well.
config vpn ipsec phase1-interface


edit advpn
set ike-version 2
# NOTE(review): deprecated DES/MD5 proposal and 1536-bit DH group 5.
set proposal des-md5
set dhgrp 5
set authmethod psk
# NOTE(review): sample PSK, shared with the hub and the DC spoke.
set psksecret test123
set nattraversal disable
set keylife 86400
set dpd on-idle
set dpd-retrycount 3
set dpd-retryinterval 20
set interface port1
# Static tunnel towards the hub gateway.
set type static
set peertype any
set remote-gw 192.168.1.1
set net-device enable
set exchange-interface-ip enable
next
end

# BR spoke phase 2 bound to "advpn"; same parameters as the DC spoke.
config vpn ipsec phase2-interface


edit advpn
set encapsulation tunnel-mode
# NOTE(review): deprecated DES/MD5 proposal and PFS off — change together with hub and DC.
set proposal des-md5
set pfs disable
set keylife-type seconds
set keylifeseconds 43200
set phase1name advpn
# Spoke keeps the SA negotiated on its own.
set auto-negotiate enable
next
end

# BR spoke tunnel interface: 172.16.1.3 in the overlay, hub (172.16.1.1) as remote end.
config system interface


edit advpn
set ip 172.16.1.3/32
set remote-ip 172.16.1.1/24
# Only ICMP echo accepted on the tunnel interface.
set allowaccess ping
set type tunnel
set interface port1
next
end

# BR spoke BGP: iBGP (AS 65000) with the hub's tunnel address as the only neighbour.
config router bgp


set as 65000
set router-id 10.0.3.254
set ibgp-multipath enable
# NOTE(review): no neighbour password configured; pair with the hub if one is added.
config neighbor
edit 172.16.1.1
set remote-as 65000
set interface advpn
set update-source advpn
next
end
# Prefix originated by this spoke (presumably its LAN behind port2 — confirm).
config network
edit 1
set prefix 10.0.3.0 255.255.255.0
next
end
end

# BR spoke policy 2: LAN -> tunnel, any/any/ALL. Note the LAN is port2 here,
# whereas the hub and the DC spoke use port3.
config firewall policy


edit 2
set name LAN-to-VPN
set srcintf port2
set dstintf advpn
set action accept
# NOTE(review): unrestricted; narrow address objects and services once known.
set srcaddr all
set dstaddr all
set schedule always
set service ALL
set logtraffic all
set status enable
end

# BR spoke policy 3: tunnel -> LAN (port2), any/any/ALL.
config firewall policy


edit 3
set name VPN-to-LAN
set srcintf advpn
set dstintf port2
set action accept
# NOTE(review): everything reachable over the overlay may reach this LAN on any service.
set srcaddr all
set dstaddr all
set schedule always
set service ALL
set logtraffic all
set status enable
end
=================================================================
