Configure Static Source IP Address for IPsec Tunnel

Note

This procedure only applies to XA1400 Series.

Perform this procedure to configure a specific source IP address for the IPsec tunnel when you deploy the XA1400 Series in an environment that requires more than one provider connection with IPsec.

Before you begin

  • Configure a VLAN, brouter, or CLIP IP address for the IPsec tunnel to use; this address must be in the same VRF as the tunnel.

  • Disable IPsec on the logical interface.

About this task

The static source IP address for the IPsec tunnel cannot be the same as the global or dynamically configured source IP address.

Procedure

  1. Enter Logical IS-IS Interface Configuration mode:

    enable

    configure terminal

    logical-intf isis <1–255>

  2. Configure the IP address to use as the source IP address for the IPsec tunnel:

    ipsec tunnel-source-address type static {A.B.C.D}

  3. Enable IPsec on the logical interface:

    ipsec

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#logical-intf isis 3
Switch:1(config-isis-3-198.51.100.1)#ipsec tunnel-source-address type static 20.20.20.20
Switch:1(config-isis-3-198.51.100.1)#ipsec

Variable Definitions

The following table defines parameters for the ipsec tunnel-source-address type static command.

Variable      Value
{A.B.C.D}     Specifies the manually configured source IP address for the IPsec tunnel. The source IP address must be on the same VRF as the source IP address for the IP tunnel.
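
A pre-change check for the prerequisites and restrictions on this page, as an added example that is not part of the original documentation or the product software. It assumes a hypothetical inventory of local addresses (VLAN, brouter, CLIP) with their VRFs; the function name, data layout, VRF names and sample addresses are all constructed.

```python
import ipaddress

def check_static_tunnel_source(candidate, tunnel_vrf, local_addrs, other_sources, ipsec_enabled):
    """Return a list of problems; an empty list means the page's prerequisites are met.

    local_addrs   -- hypothetical inventory: dicts with "kind", "ip" and "vrf"
    other_sources -- global or dynamically configured tunnel source addresses
    ipsec_enabled -- current IPsec state of the logical interface
    """
    try:
        addr = ipaddress.IPv4Address(candidate)  # the command takes A.B.C.D
    except ipaddress.AddressValueError:
        return [f"{candidate!r} is not a valid IPv4 address"]

    problems = []
    # Prerequisite: IPsec must be disabled on the logical interface first.
    if ipsec_enabled:
        problems.append("IPsec is still enabled on the logical interface")
    # Restriction: must differ from the global or dynamic source address.
    if addr in {ipaddress.IPv4Address(s) for s in other_sources}:
        problems.append(f"{addr} is already the global or dynamic source address")
    # Prerequisite: a VLAN, brouter, or CLIP address in the tunnel's VRF.
    owners = [a for a in local_addrs if ipaddress.IPv4Address(a["ip"]) == addr]
    if not owners:
        problems.append(f"{addr} is not configured on a VLAN, brouter, or CLIP")
    elif all(a["vrf"] != tunnel_vrf for a in owners):
        problems.append(f"{addr} is in VRF {owners[0]['vrf']}, tunnel is in VRF {tunnel_vrf}")
    return problems

# Constructed sample inventory (documentation address ranges, made-up VRF names).
LOCAL_ADDRS = [
    {"kind": "clip", "ip": "192.0.2.10", "vrf": "red"},
    {"kind": "vlan", "ip": "203.0.113.5", "vrf": "blue"},
]
OTHER_SOURCES = ["192.0.2.1"]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "192.0.2.1", "192.0.2.300"):
        result = check_static_tunnel_source(ip, "red", LOCAL_ADDRS, OTHER_SOURCES, False)
        print(ip, "->", result or "ok")
```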