Recipe Environment

The information in this section defines the configuration environment for this recipe. The values shown are examples; replace them with the actual corresponding values in a real-world implementation.

Topology Diagram

Figure: TNSR IPsec Hub

TNSR and Peer Network Configuration

TNSR Configuration

| Item | Value |
|------|-------|
| VRF Name | default |
| LAN Interface | GigabitEthernetb/0/0 |
| LAN Subnet | 192.168.0.0/24 |
| LAN IP Address static | 192.168.0.1/24 |
| WAN Interface | GigabitEthernet13/0/0 |
| WAN IP Address DHCP | 10.129.0.10/24 |
| IPsec VTI Peer 1 IP Address | 10.131.1.1/30 |
| IPsec VTI Peer 2 IP Address | 10.131.2.1/30 |
| IPsec VTI Peer 3 IP Address | 10.131.3.1/30 |

Peer 1 Network Configuration

| Item | Value |
|------|-------|
| LAN Interface | LAN |
| LAN Subnet | 192.168.1.0/24 |
| LAN IP Address static | 192.168.1.1/24 |
| WAN Interface | WAN |
| WAN IP Address DHCP | 10.129.0.11/24 |
| IPsec VTI TNSR IP Address | 10.131.1.2/30 |

Peer 2 Network Configuration

| Item | Value |
|------|-------|
| LAN Interface | LAN |
| LAN Subnet | 192.168.2.0/24 |
| LAN IP Address static | 192.168.2.1/24 |
| WAN Interface | WAN |
| WAN IP Address DHCP | 10.129.0.12/24 |
| IPsec VTI TNSR IP Address | 10.131.2.2/30 |

Peer 3 Network Configuration

| Item | Value |
|------|-------|
| LAN Interface | LAN |
| LAN Subnet | 192.168.3.0/24 |
| LAN IP Address static | 192.168.3.1/24 |
| WAN Interface | WAN |
| WAN IP Address DHCP | 10.129.0.13/24 |
| IPsec VTI TNSR IP Address | 10.131.3.2/30 |

TNSR and Peer IPsec Configuration

General IPsec settings are the same for every node.

IPsec IKE/Phase 1 Configuration

| Item | Value |
|------|-------|
| Network Interface | WAN Interface |
| IKE type | IKEv2 |
| Authentication method | PSK |
| Pre-Shared Key | 01234567 |
| Local identifier | WAN IP Address |
| Remote identifier | Remote WAN IP Address |
| Encryption | AES-256-CBC |
| Hash | SHA256 |
| DH group | 14 (2048 bit modulus) |
| Lifetime | 28800 |

IPsec SA/Phase 2 Configuration

| Item | Value |
|------|-------|
| Mode | Routed IPsec (VTI) |
| Protocol | ESP |
| Encryption | AES-256-CBC |
| Hash | SHA256 |
| PFS group | 14 (2048) |
| Lifetime | 3600 |