
ip ipsec-route

vpn ip ipsec-route—Configure an IPsec-specific static route in a service VPN (a VPN other than VPN 0 or VPN 512) to direct traffic from the service VPN to an IPsec tunnel (on vEdge routers only).

vManage Feature Template

For vEdge routers only:

Configuration ► Templates ► VPN

Command Hierarchy

vpn vpn-id
  ip ipsec-route prefix/length vpn 0 interface ipsecnumber [ipsecnumber2]

Options

IPsec Interface Name
ipsecnumber [ipsecnumber2]
Name of the IPsec tunnel interface. If you configure two interfaces, the first is the primary IPsec tunnel, and the second is the backup. All packets are sent only to the primary tunnel. If that tunnel fails, all packets are then sent to the secondary tunnel. If the primary tunnel comes back up, all traffic is moved back to the primary IPsec tunnel.
Prefix of IPsec Static Route
prefix/length
IP address or prefix, in decimal four-part-dotted notation, and prefix length of the IPsec-specific static route.

Example

Configure an IPsec-specific static route in VPN 100 to direct traffic from that VPN to an IPsec tunnel in VPN 0. In VPN 0, the primary IPsec tunnel is the interface ipsec1 and the secondary IPsec tunnel is ipsec2.

vEdge# show running-config vpn 0
vpn 0
 interface ipsec1
  ip address 10.0.111.1/30
  tunnel-source-interface ge0/0
  tunnel-destination      172.168.1.1
  ike
   version      2
   rekey        14400
   cipher-suite aes256-cbc-sha1
   group        14
   authentication-type
    pre-shared-key
     pre-shared-secret R9VuFaRK7yxTUDtTrcK+
     local-id          admin@my-company.com
    !
   !
  !
  ipsec
   rekey                   3600
   replay-window           512
   cipher-suite            null-sha1
   perfect-forward-secrecy group-16
  !
  mtu                     1400
  tcp-mss-adjust          1300
  no shutdown
 !
 interface ipsec2
  ip address 10.0.111.5/30
  tunnel-source-interface ge0/0
  tunnel-destination      192.168.1.1
  ike
   version      2
   rekey        14400
   cipher-suite aes256-cbc-sha1
   group        14
   authentication-type
    pre-shared-key
     pre-shared-secret R9VuFaRK7yxTUDtTrcK+
     local-id          admin@my-company.com
    !
   !
  !
  ipsec
   rekey                   3600
   replay-window           512
   cipher-suite            null-sha1
   perfect-forward-secrecy group-16
  !
  mtu                     1400
  tcp-mss-adjust          1300
  no shutdown
 !
!
vEdge# show running-config vpn 100
vpn 100
 ip ipsec-route 0.0.0.0/0 vpn 0 interface ipsec1 ipsec2
! 
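
An added example (not Cisco's code): a Python audit of a running-config like the one above. It checks that each ip ipsec-route sits in a service VPN, that its primary and backup interfaces exist as IPsec interfaces in VPN 0, and flags tunnels whose ipsec cipher-suite is a null suite such as the null-sha1 shown here, which authenticates packets but does not encrypt them. The function name, the message wording and the trimmed sample config are assumptions made for this example.

```python
import re

# Constructed sample: the page's example config, trimmed to the lines the audit reads.
SAMPLE = """\
vpn 0
 interface ipsec1
  ike
   cipher-suite aes256-cbc-sha1
  !
  ipsec
   cipher-suite            null-sha1
  !
 !
 interface ipsec2
  ipsec
   cipher-suite            null-sha1
  !
 !
vpn 100
 ip ipsec-route 0.0.0.0/0 vpn 0 interface ipsec1 ipsec2
"""

def audit_ipsec_routes(config):
    """Return a list of findings for every ip ipsec-route in a running-config."""
    tunnels, routes = {}, []   # VPN 0 ipsec interface -> ESP cipher; (vpn, prefix, [ifaces])
    vpn = iface = section = None
    for line in config.splitlines():
        indent, text = len(line) - len(line.lstrip()), line.strip()
        if indent == 0 and (m := re.fullmatch(r"vpn (\d+)", text)):
            vpn, iface, section = int(m.group(1)), None, None
        elif indent == 1 and (m := re.fullmatch(r"interface (\S+)", text)):
            iface, section = (m.group(1) if vpn == 0 else None), None
            if iface and iface.startswith("ipsec"):
                tunnels[iface] = None          # filled in if the config states a cipher
        elif indent == 1 and (m := re.fullmatch(r"ip ipsec-route (\S+) vpn 0 interface (.+)", text)):
            routes.append((vpn, m.group(1), m.group(2).split()))
        elif indent == 2 and text in ("ike", "ipsec"):
            section = text                     # the ike block has its own cipher-suite
        elif section == "ipsec" and iface in tunnels and (m := re.fullmatch(r"cipher-suite\s+(\S+)", text)):
            tunnels[iface] = m.group(1)
    findings = []
    for vpn_id, prefix, ifaces in routes:
        if vpn_id in (0, 512):                 # the route belongs in a service VPN only
            findings.append(f"vpn {vpn_id}: ipsec-route {prefix} is not in a service VPN")
        for role, name in zip(("primary", "backup"), ifaces):
            if name not in tunnels:
                findings.append(f"vpn {vpn_id}: {role} {name} is not an IPsec interface in VPN 0")
            elif (tunnels[name] or "").startswith("null"):
                findings.append(f"vpn {vpn_id}: {role} {name} uses {tunnels[name]} for {prefix} (no ESP encryption)")
    return findings
```

Calling audit_ipsec_routes(SAMPLE) returns one finding each for ipsec1 and ipsec2; a tunnel whose ipsec cipher-suite is not stated in the config is left unflagged.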

Release Information

Command introduced in Viptela Software Release 18.2.

Additional Information

See the Configuring IKE-Enabled IPsec Tunnels article for your software release.
ip gre-route
ip route
keepalive
nat
