config.onpremises.tftpl
! Cisco IOS-style configuration rendered from a Terraform template (.tftpl);
! each ${...} placeholder is filled in from the Terraform variables.
! Builds two route-based IKEv2/IPsec tunnels (Tunnel0, Tunnel1) to two peer
! gateway public addresses and runs eBGP to the gateways' private addresses
! over them.
!
! NOTE(review): this proposal offers 3des, aes-cbc-128, SHA-1 integrity and
! DH group 2 alongside aes-cbc-256. In IKEv2 the responder chooses among the
! offered transforms, so the negotiated SA may land on the weakest of them.
! Once the peer's accepted policy is confirmed, keep only the strongest
! transforms it supports and drop the legacy ones.
crypto ikev2 proposal azure-proposal
encryption aes-cbc-256 aes-cbc-128 3des
integrity sha1
group 2
exit
!
! IKEv2 policy: use the proposal above for negotiation.
crypto ikev2 policy azure-policy
proposal azure-proposal
exit
!
! Keyring: one pre-shared key entry per peer public address. Both entries are
! rendered from the same authorization_key variable.
! NOTE(review): the key lands in the rendered config in clear text and is
! persisted to startup-config by "wr mem" at the end, so the rendered output
! (plan output, Terraform state, logs, config backups) has to be handled as
! a secret.
crypto ikev2 keyring azure-keyring
peer ${gateway_public_ip_001}
address ${gateway_public_ip_001}
pre-shared-key ${authorization_key}
exit
peer ${gateway_public_ip_002}
address ${gateway_public_ip_002}
pre-shared-key ${authorization_key}
exit
exit
!
! IKEv2 profile: bind to the local uplink interface, accept only the two peer
! public addresses as remote identities (host masks), authenticate both sides
! with the pre-shared keys from the keyring above.
crypto ikev2 profile azure-profile
match address local interface GigabitEthernet1
match identity remote address ${gateway_public_ip_001} 255.255.255.255
match identity remote address ${gateway_public_ip_002} 255.255.255.255
authentication remote pre-share
authentication local pre-share
keyring local azure-keyring
exit
!
! IPsec (child SA) transform set: AES-256 encryption, SHA-1 HMAC, tunnel mode.
! NOTE(review): esp-sha-hmac is SHA-1; esp-sha256-hmac is the stronger choice
! if the peer supports it — confirm against the peer's IPsec policy.
crypto ipsec transform-set azure-ipsec-proposal-set esp-aes 256 esp-sha-hmac
mode tunnel
exit
!
! IPsec profile applied to both tunnel interfaces, with the child SA lifetime
! bounded both by volume (kilobytes) and by time (seconds).
crypto ipsec profile azure-vti
set transform-set azure-ipsec-proposal-set
set ikev2-profile azure-profile
set security-association lifetime kilobytes 102400000
set security-association lifetime seconds 3600
exit
!
! Tunnel0: VTI to the first peer. "ip unnumbered" borrows GigabitEthernet1's
! address for the tunnel; the MSS clamp keeps TCP segments small enough to
! leave room for the IPsec encapsulation overhead (1350 presumably chosen for
! the peer's path MTU — confirm).
interface Tunnel0
ip unnumbered GigabitEthernet1
ip tcp adjust-mss 1350
tunnel source GigabitEthernet1
tunnel mode ipsec ipv4
tunnel destination ${gateway_public_ip_001}
tunnel protection ipsec profile azure-vti
exit
!
! Tunnel1: identical VTI to the second peer.
interface Tunnel1
ip unnumbered GigabitEthernet1
ip tcp adjust-mss 1350
tunnel source GigabitEthernet1
tunnel mode ipsec ipv4
tunnel destination ${gateway_public_ip_002}
tunnel protection ipsec profile azure-vti
exit
!
! eBGP to both gateway private addresses. Remote AS 65515 is the ASN Azure VPN
! gateways use by default. ebgp-multihop is required because each neighbor is
! reached through a tunnel (see the host routes below), not on a directly
! connected segment; update-source pins the session's source to the uplink
! address that the tunnels borrow.
router bgp ${on_premises_asn}
bgp router-id interface GigabitEthernet1
bgp log-neighbor-changes
neighbor ${gateway_private_ip_001} remote-as 65515
neighbor ${gateway_private_ip_001} ebgp-multihop 5
neighbor ${gateway_private_ip_001} update-source GigabitEthernet1
neighbor ${gateway_private_ip_002} remote-as 65515
neighbor ${gateway_private_ip_002} ebgp-multihop 5
neighbor ${gateway_private_ip_002} update-source GigabitEthernet1
!
! Host routes steering each BGP peer address into its own tunnel, so the BGP
! session itself (and nothing else statically) is forced over the VTI.
ip route ${gateway_private_ip_001} 255.255.255.255 Tunnel0
ip route ${gateway_private_ip_002} 255.255.255.255 Tunnel1
!
! Leave configuration mode and save the running configuration to
! startup-config (this is what persists the pre-shared key on the device).
end
!
wr mem