
Vyatta Azure Static Routing VPN Template 1 (Script)

04-03-2014 02:03 PM - edited 04-03-2014 03:11 PM

DRAFT 1.0
Microsoft Corporation
! Windows Azure Virtual Network
! This configuration template applies to the Brocade Vyatta vRouter running release 6.6R3 or later.
! It configures an IPSec VPN tunnel connecting your on-premises bare-metal or virtualized Vyatta VPN deployment with the Azure gateway.

! ---------------------------------------------------------------------------------------------------------------------
! Assumptions
!
! You have internet-routable address space assigned to the outside interface of your Brocade Vyatta vRouter, and IPSEC protocols (UDP/ESP) are permitted in and out of your network.
! Ensure that an appropriate routing protocol is enabled and that you have connectivity to the Azure VPN Gateway peer.
! ---------------------------------------------------------------------------------------------------------------------
! Internet Key Exchange (IKE) and ESP configuration
!
! This section demonstrates how to set the authentication, encryption, hashing and lifetime parameters for the Phase 1 negotiation
! and the main mode security association (ike-group), together with the matching ESP parameters (esp-group).
!
set vpn ipsec esp-group <RP_AzureNetwork> compression 'disable'
set vpn ipsec esp-group <RP_AzureNetwork> lifetime '3600'
set vpn ipsec esp-group <RP_AzureNetwork> mode 'tunnel'
set vpn ipsec esp-group <RP_AzureNetwork> pfs 'disable'
set vpn ipsec esp-group <RP_AzureNetwork> proposal 1 encryption 'aes256'
set vpn ipsec esp-group <RP_AzureNetwork> proposal 1 hash 'sha1'
set vpn ipsec ike-group <RP_AzureNetwork> lifetime '28800'
set vpn ipsec ike-group <RP_AzureNetwork> proposal 1 dh-group '2'
set vpn ipsec ike-group <RP_AzureNetwork> proposal 1 encryption 'aes256'
set vpn ipsec ike-group <RP_AzureNetwork> proposal 1 hash 'sha1'
!
! ---------------------------------------------------------------------------------------------------------------------
! Outside Interface Configuration
! This binds your external interface to the IPSEC policy to allow cross-premise traffic
!
set vpn ipsec ipsec-interfaces interface '<YourOutsideInterfaceName>'
!
!
! ---------------------------------------------------------------------------------------------------------------------
! Azure Virtual Network Gateway Configuration
! These settings configure the Azure VPN peer and shared key, bind the esp and ike groups, and establish a tunnel interface.
!
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> authentication pre-shared-secret '<SP_PresharedKey>'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> connection-type 'initiate'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> default-esp-group '<RP_AzureNetwork>'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> description '<AzureNetworkNameDescription>'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> ike-group '<RP_AzureNetwork>'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> local-address '<YourOutsideInterfaceIP>'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> tunnel <YourTunnel#> allow-nat-networks 'disable'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> tunnel <YourTunnel#> allow-public-networks 'disable'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> tunnel <YourTunnel#> local prefix '<SP_OnPremisesNetworkIpRange>/CIDR'
set vpn ipsec site-to-site peer <SP_AzureGatewayIpAddress> tunnel <YourTunnel#> remote prefix '<SP_AzureNetworkIpRange>/CIDR'
!
! END
! ---------------------------------------------------------------------------------------------------------------------
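
An added example, not part of the original template: a Python check to run on a filled-in copy of the script before loading it on the vRouter. It flags leftover <...> placeholders, peer references to an esp-group or ike-group that is never defined, and invalid or overlapping local/remote tunnel prefixes. The function name lint, the group name AZURE and the addresses in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed input: the template filled in with made-up values and three
# deliberate mistakes (leftover placeholder, undefined group, overlapping prefixes).
SAMPLE = """\
set vpn ipsec esp-group AZURE proposal 1 encryption 'aes256'
set vpn ipsec ike-group AZURE proposal 1 dh-group '2'
set vpn ipsec site-to-site peer 203.0.113.10 authentication pre-shared-secret '<SP_PresharedKey>'
set vpn ipsec site-to-site peer 203.0.113.10 default-esp-group 'AZURE'
set vpn ipsec site-to-site peer 203.0.113.10 ike-group 'AZURE-IKE'
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 local prefix '10.1.0.0/16'
set vpn ipsec site-to-site peer 203.0.113.10 tunnel 1 remote prefix '10.1.8.0/24'
"""

GROUP_DEF = re.compile(r"^set vpn ipsec (esp|ike)-group (\S+) ")
GROUP_REF = re.compile(r" peer \S+ (?:default-)?(esp|ike)-group '([^']*)'$")
PREFIX = re.compile(r" peer (\S+) tunnel (\S+) (local|remote) prefix '([^']*)'$")

def lint(config):
    """Return a list of findings for a rendered copy of the template."""
    findings, defined, refs, tunnels = [], set(), [], {}
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("!"):
            continue  # blank line or template comment
        if "<" in line or ">" in line:
            findings.append(f"line {n}: unresolved placeholder")
            continue
        if m := GROUP_DEF.match(line):
            defined.add(m.groups())
        elif m := GROUP_REF.search(line):
            refs.append((n, m.groups()))
        elif m := PREFIX.search(line):
            peer, tunnel, side, value = m.groups()
            try:  # strict=True rejects prefixes with host bits set
                net = ipaddress.ip_network(value, strict=True)
                tunnels.setdefault((peer, tunnel), {})[side] = net
            except ValueError as exc:
                findings.append(f"line {n}: invalid {side} prefix: {exc}")
    for n, (kind, name) in refs:
        if (kind, name) not in defined:
            findings.append(f"line {n}: {kind}-group {name} is not defined")
    for (peer, tunnel), sides in tunnels.items():
        if len(sides) == 2 and sides["local"].overlaps(sides["remote"]):
            findings.append(f"peer {peer} tunnel {tunnel}: local and remote prefixes overlap")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

An empty result means every placeholder was replaced, both groups resolve, and the on-premises and Azure ranges are valid and disjoint.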
