Symantec Web Security Services Integration Guide
    : Sample Traditional IPSEC Router Configuration
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. CloudBlades Integration and Deployment
    5. Symantec Web Security Services Integration Guide
    6. Configure Symantec Integration
    7. Sample Traditional IPSEC Router Configuration
    Download PDF

    Symantec Web Security Services Integration Guide

    Sample Traditional IPSEC Router Configuration

    Table of Contents

    Sample Traditional IPSEC Router Configuration

    Below is an example open-source router configuration that can be used optionally for Virtual Data Centers where desired.
    This configuration was tested with VyOS (https://vyos.io/) Version 1.1.7.
    /*The following IPs must be changed to match your environment.= 52.10.10.10= 10.1.1.100, 10.1.1.101= 13.10.10.10= 14.10.10.10= 10.1.0.1= 10.1.0.10/24= 10.1.1.10/24Public IP (Service Center DataCenter) Prisma SD-WAN ION 7000sSymantec Public Endpoint IP ASymantec Public Endpoint IP BDefault GatewayLocal system IP eth0Local system IP eth1*/#vyos-configinterfaces {ethernet eth0 {address dhcpduplex autosmp_affinity autospeed auto}ethernet eth1 {address 10.1.1.10/24}loopback lo {}Prisma SD-WAN - Public Application Note 14vti vti0 {address 192.168.1.254/32ip {source-validation disable}mtu 1436}vti vti1 {address 192.168.1.253/32ip {source-validation disable}mtu 1436}}protocols {bgp 7501 {neighbor 10.1.1.100 {peer-group CLOUDGENIX}neighbor 10.1.1.101 {peer-group CLOUDGENIX}peer-group CLOUDGENIX {nexthop-selfremote-as 7502}}Prisma SD-WAN - Public Application Note 15static {/*Static routes - for active/active, set same AD.active/backup, make backup higher.*/interface-route 0.0.0.0/0 {next-hop-interface vti0 {distance 206}next-hop-interface vti1 {distance 208}}route 13.10.10.10/32 {next-hop 10.1.0.1 {}}route 14.10.10.10/32 {next-hop 10.1.0.1 {}}route 12.101.3.4/32 {next-hop 10.1.0.1 {}}}}Prisma SD-WAN - Public Application Note 16service {cloudinit {environment ec2}ssh {disable-host-validationdisable-password-authenticationport 22}}system {host-name SC-CUSTOMER-SymantecWSS-us-east-1-CORE-ROUTERtime-zone UTC}vpn {ipsec {esp-group ESP-1W {compression disablelifetime 3600mode tunnelpfs dh-group2proposal 1 {encryption 3deshash sha1}}ike-group IKE-1W {ikev2-reauth nokey-exchange ikev1lifetime 28800proposal 1 {dh-group 2encryption 3deshash sha1Prisma SD-WAN - Public Application Note 17}}ipsec-interfaces {interface eth0}nat-networks {allowed-network 0.0.0.0/0 {}}site-to-site {peer 14.10.10.10 {authentication {id 52.10.10.10mode pre-shared-secretpre-shared-secret <REMOVED-ENTER-YOUR-OWN>}connection-type initiateike-group IKE-GR1ikev2-reauth inheritlocal-address 10.1.0.10vti {bind vti1esp-group ESP-GR1}}peer 13.10.10.10 {authentication {id 52.10.10.10mode pre-shared-secretpre-shared-secret <REMOVED-ENTER-YOUR-OWN>}connection-type initiateike-group IKE-GR1ikev2-reauth inheritPrisma SD-WAN - Public Application Note 18local-address 10.1.0.10vti {bind vti0esp-group ESP-GR1}}}}}

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.