Configure an IPsec Tunnel

Information

To configure an IPsec tunnel interface for secure transport traffic from a service network, you create a logical IPsec interface.

You can create the IPsec tunnel in the transport VPN (VPN 0) and in any service VPN (VPN 1 through 65530, except for 512).

The IPsec interface has a name in the format ipsecnumber, where number can be from 1 through 255.

Each IPsec interface must have an IPv4 address. This address must be a /30 prefix. All traffic in the VPN that is within this IPv4 prefix is directed to a physical interface in VPN 0 to be sent securely over an IPsec tunnel.

See https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge-20-x/security-book/config-sec-param.html for more information.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

vEdge(config)# vpn vpn-id interface ipsecnumber
vEdge(config-interface-ipsec)# ip address ipv4-prefix/length
vEdge(config-interface-ipsec)# (tunnel-source ip-address | tunnel-source-interface interface-name)
vEdge(config-interface-ipsec)# tunnel-destination ipv4-address
vEdge(config-interface-ipsec)# no shutdown

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4

Plugin: Cisco_Viptela

Control ID: a536c2a7e049d60a90703947a64f94d1d90fdc17bd69af9dd29206e185f80097