vpn service—Configure a service, such as a firewall or IDS, that is present on the local network in which the vEdge router is located (on vEdge routers only). Configuring a service allows it to be used in a service chaining policy. You can configure services in all VPNs except for VPN 0, which is the transport VPN reserved for the control plane.
vManage Feature Template
For vEdge routers only:
Configuration ► Templates ► VPN
vpn vpn-id service service-name address ip-address
vpn vpn-id service service-name interface grenumber1 [grenumber2]
- Type of Service
Type of service available at the local site and in the VPN. Standard services are firewall, IDS, and IDP. Four custom services are available.
Values: FW, IDP, IDS, netsvc1, netsvc2, netsvc3, netsvc4, TE
- Location of Service
address ip-address
interface grenumber1 [grenumber2]
IP address of the service device, or GRE interface through which the service is reachable.
You can specify up to four IP addresses. The service is advertised to the vSmart controller only if the address (or one of the addresses) can be resolved locally, at the local site, and not via routes learned through OMP.
When configuring a GRE tunnel, specify the names of one or two GRE interfaces. If you configure two, the first interface is the primary GRE tunnel, and the second is the backup tunnel. All packets are sent only to the primary tunnel. If that tunnel fails, all packets are then sent to the secondary tunnel. If the primary tunnel comes back up, all traffic is moved back to the primary GRE tunnel.
Configure a firewall service that is available in VPN 1:
vpn 1 service FW address 10.0.2.11
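A pre-deployment check for the constraints described above, as an added example that is not part of the original documentation or of Viptela software. It assumes the flat one-line command form shown on this page, that multiple addresses follow `address` separated by spaces, and that GRE interface names look like `gre1`; the function name and sample lines are constructed.

```python
import ipaddress
import re

# Service types listed under "Type of Service" on this page.
SERVICE_TYPES = {"FW", "IDP", "IDS", "netsvc1", "netsvc2", "netsvc3", "netsvc4", "TE"}
# Assumption: GRE interface names have the form gre<number>.
GRE_NAME = re.compile(r"^gre\d+$")

def check_service_line(line):
    """Return a list of problems found in one flat 'vpn ... service ...' line."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "vpn" or tok[2] != "service":
        return ["not a 'vpn vpn-id service ...' command"]
    vpn_id, svc, kind, targets = tok[1], tok[3], tok[4], tok[5:]
    problems = []
    if not vpn_id.isdigit():
        problems.append(f"vpn-id '{vpn_id}' is not numeric")
    elif int(vpn_id) == 0:
        problems.append("VPN 0 is the transport VPN; no service may be configured in it")
    if svc not in SERVICE_TYPES:
        problems.append(f"unknown service type '{svc}'")
    if kind == "address":
        if len(targets) > 4:
            problems.append("more than four service addresses")
        for t in targets:
            try:
                ipaddress.ip_address(t)
            except ValueError:
                problems.append(f"'{t}' is not an IP address")
    elif kind == "interface":
        if len(targets) > 2:
            problems.append("more than two GRE interfaces (primary and backup only)")
        problems.extend(f"'{t}' is not a GRE interface name"
                        for t in targets if not GRE_NAME.match(t))
    else:
        problems.append(f"expected 'address' or 'interface', got '{kind}'")
    return problems

# Constructed sample lines; only the first is taken from this page.
SAMPLE = [
    "vpn 1 service FW address 10.0.2.11",
    "vpn 0 service FW address 10.0.2.11",
    "vpn 2 service IDS interface gre1 gre2",
    "vpn 2 service proxy interface gre1 gre2 gre3",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", check_service_line(line) or "ok")
```

The check covers syntax and the stated limits only; whether an address resolves locally rather than through OMP has to be verified on the router itself.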
Command introduced in Viptela Software Release 14.1.
In Release 14.2, the configured IP address of the service must be resolvable locally.
In Release 15.4.1, added support for GRE interfaces.
In Release 17.2.0, added support for traffic engineering (TE) service.