IPSEC vsys cli

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IPSEC vsys cli

L1 Bithead

Hi

I configure IPsec tunnel.
When I configure with manual on web interface, by default was adding vsys to Tunnel Interface--Virtual system.
But when i configure with cli doesn't visible vsys(it visibles empty).

which command i can used for adding vsys?

 

11 REPLIES 11

Cyber Elite
Cyber Elite

@Rajab725 

 

Do you have Multi vsys config in PA?

 

Regards

 

MP

Help the community: Like helpful comments and mark solutions.

L0 Member

Thanks for the information 

 

 

 

 

NJMCDirect

yes

@MP18  yes

@Rajab725 

Do you want to do config of tunnel interface via CLI or GUI?

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

As I stated above, I want to do everything with CLI.

And now i am able to :

>creating tunnel interface

>creating IKE gateway

>creating IPsec tunnel

>adding tunnel to routing.

But When I configure IPsec  on web interface, I am able to adding  vsys. It appears on the "Tunnel Interface"- - >"Virtual system tab" in "Network" - - -> "IPSec Tunnels" tab.
But when i configure with cli doesn't visible any vsys(it visibles empty). 

I have searched to this situation. as I understand it, If this section appear empty, vsys takes the default vsys value.

What I want is to be able to change vsys with CLI. I want some tunnel vsys to be vsys1, and others to vsys2.

@Rajab725 i just came across your post. Can you share syntax for the below that you have been able to accomplish via cli:

>creating tunnel interface

>creating IKE gateway

>creating IPsec tunnel

>adding tunnel to routing.

 

Thanks

@B_Hlokomayo 

 

Please try below CLI commands for IPSEC

 

The following information is used as example data for the commands.

Tunnel: Tunnel.10 (zone = vpn)
Name of the tunnel: NewYork VPN
Virtual Router: Virtual Router 1
IKE Crypto: ike-crypto-profile IKE_Profile
IKE Gateway: NewYork VPN
IPsec Crypto: ipsec-crypto-profile IPsec_Profile
Peer IP address: 100.100.100.1
Subnet on the other side of the tunnel: 192.168.3.0/24
The commands below should be executed in the order listed.

> configure

# set network interface tunnel units tunnel.10 ipv6 enabled no

# set network interface tunnel units tunnel.10 ipv6 interface-id EUI-64

# set network interface tunnel units tunnel.10 comment "NewYork VPN"

# set zone vpn network layer3 tunnel.10

# set network virtual-router "Virtual Router 1" interface [ ethernet1/1 ethernet1/2 ethernet1/3 ethernet1/4 tunnel.10 ]

# set network ike gateway NewYork VPN protocol ikev1 dpd enable no

# set network ike gateway NewYork VPN protocol ikev1 dpd interval 5

# set network ike gateway NewYork VPN protocol ikev1 dpd retry

# set network ike gateway NewYork VPN protocol ikev1 ike-crypto-profile IKE_Profile

# set network ike gateway NewYork VPN protocol ikev1 exchange-mode auto

# set network ike gateway NewYork VPN authentication pre-shared-key key paloalto

# set network ike gateway NewYork VPN protocol-common nat-traversal enable no

# set network ike gateway NewYork VPN protocol-common passive-mode no

# set network ike gateway NewYork VPN peer-address ip 100.100.100.1

# set network ike gateway NewYork VPN local-address interface ethernet1/1

# set network tunnel ipsec NewYork VPN auto-key ike-gateway NewYork VPN

# set network tunnel ipsec NewYork VPN auto-key ipsec-crypto-profile IPsec_Profile

# set network tunnel ipsec NewYork VPN tunnel-monitor enable no

# set network tunnel ipsec NewYork VPN anti-replay yes

# set network tunnel ipsec NewYork VPN copy-tos no

# set network tunnel ipsec NewYork VPN tunnel-interface tunnel.10

# set network virtual-router "Virtual Router 1" routing-table ip static-route Route_to_NewYork interface tunnel.10

# set network virtual-router "Virtual Router 1" routing-table ip static-route Route_to_NewYork metric 10

# set network virtual-router "Virtual Router 1" routing-table ip static-route Route_to_NewYork destination 192.168.3.0/24

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

@MP18 

Thanks

L0 Member

Thanks for the information. 

 

Njmcdirect

 

L0 Member

I noticed that this is still an issue with 10.1.6.  I just wanted to post an update that if I click on the tunnel interface in the GUI and then just click OK, that populates the virtual system field in the IPSec section of the GUI.  Something that the GUI updates in the config on the back-end that doesn't appear to happen with the cli commands (even using the syntax and commands mentioned previously).

  • 6463 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!