Configure DHCP Source IP Address for IPsec Tunnel

Note

This procedure only applies to XA1400 Series.

Perform this procedure to dynamically obtain the source IP address for the IPsec tunnel from DHCP when you deploy the XA1400 Series in an environment that requires more than one provider connection with IPsec.

Before you begin

  • Disable IPsec on the logical interface.

  • Ensure that the DHCP client is enabled for the Management Instance VLAN interface.
  • Ensure that the VOSS routing stack and the Management Instance VLAN interface coexist. Use the propagate-to-routing command from the mgmt VLAN level to move to coexistence mode automatically. For more information, see VLAN.

About this task

The static source IP address for the IPsec tunnel cannot be the same as the global or dynamically configured source IP address.

Procedure

  1. Enter Logical IS-IS Interface Configuration mode:

    enable

    configure terminal

    logical-intf isis <1–255>

  2. Import the source IP address from DHCP:

    ipsec tunnel-source-address type dhcp

  3. Enable IPsec on the logical interface:

    ipsec

Example

Switch:1>enable
Switch:1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#logical-intf isis 3
Switch:1(config-isis-3-198.51.100.1)#ipsec tunnel-source-address type dhcp
Switch:1(config-isis-3-198.51.100.1)#ipsec