Config VPN CLI

IT_Field_Support
IT_Field_Support Posts: 97  Ally Member
edited April 2021 in Security

Hi,


I would like to know the command to change the VPN Peer primary Gateway Address. I need to change the gateway IP on many routers with a script but cannot find the right command in the CLI manual.


Thanks,


Davy

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee

    Hi @IT_Field_Support

    The CLI is as below:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    configure terminal
    isakmp policy [VPNGateway name]
    peer-ip [Peer primary Gateway Address] 0.0.0.0
    exit
    write
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Let us know if you need any help.😀

  • IT_Field_Support
    IT_Field_Support Posts: 97  Ally Member

    Thanks for the answer. With this command I can enter the VPN_connection profile, but it is not working for the VPN Gateway profile. I get this error when I try to call the VPN Gateway profile:

    % v2 -> v1
    policy name: vpn_gateway_msfch
    retval = -18006
    ERROR: setting failed!

  • IT_Field_Support
    IT_Field_Support Posts: 97  Ally Member

    Okay, this is strange. I did:

    configure terminal
    isakmp policy Test

    It created a new VPNGateway named "test".

    But when I try to call my already set up VPNGateway it fails, while I can call the "test" one without any problem.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee
    edited August 2019

    Hi @IT_Field_Support

    Can you try it again via SSH access without the script? Input the CLI commands one by one.

    Will it give an error if you type “isakmp policy vpn_gateway_msfch”?

  • IT_Field_Support
    IT_Field_Support Posts: 97  Ally Member

    OK, I did all my tests with a PuTTY SSH session.

    I still get the error when I try to do:

    “isakmp policy vpn_gateway_msfch”

    I tried to disable the gateway and disable both VPNs attached to it, and I get the same error:

    Router(config)# isakmp policy vpn_gateway_msfch
    % v2 -> v1
    policy name: vpn_gateway_msfch
    retval = -18006
    ERROR: setting failed!
    Router(config)#

    Thanks

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,431  Zyxel Employee

    Hi @IT_Field_Support ,

    I just noticed the error message “% v2 -> v1”.

    If the VPN tunnel is IKEv2, the CLI is ikev2.

    You can try it again with the CLI below:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    configure terminal
    ikev2 policy [VPNGateway name]
    peer-ip [Peer primary Gateway Address] 0.0.0.0
    exit
    write
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • IT_Field_Support
    IT_Field_Support Posts: 97  Ally Member

    Perfect !

    Thanks a lot !
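
For the scripted rollout asked about at the top of the thread, here is an added example (not part of the thread and not Zyxel code) that builds the command batch per router with the keyword matching each gateway's IKE version, and flags the "% v2 -> v1" failure in captured session output. The function names, the inventory layout, the gateway-name allow-list and the sample address are assumptions; sending the lines over SSH is left to whatever transport the script already uses.

```python
import ipaddress
import re

# Constructed session output, modelled on the error quoted in the thread.
SAMPLE_FAILURE = """Router(config)# isakmp policy vpn_gateway_msfch
% v2 -> v1
policy name: vpn_gateway_msfch
retval = -18006
ERROR: setting failed!
Router(config)#"""

POLICY_KEYWORD = {1: "isakmp", 2: "ikev2"}  # IKE version -> CLI keyword used in the thread
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")   # assumption: conservative allow-list for names


def build_commands(gateway, peer_ip, ike_version):
    """Return the CLI lines that set the primary peer address of one VPN gateway."""
    if ike_version not in POLICY_KEYWORD:
        raise ValueError(f"unsupported IKE version: {ike_version!r}")
    # Reject spaces and newlines so inventory data cannot smuggle in extra CLI lines.
    if not SAFE_NAME.fullmatch(gateway):
        raise ValueError(f"unsafe gateway name: {gateway!r}")
    addr = ipaddress.IPv4Address(peer_ip)  # raises ValueError unless a plain IPv4 address
    return [
        "configure terminal",
        f"{POLICY_KEYWORD[ike_version]} policy {gateway}",
        f"peer-ip {addr} 0.0.0.0",  # second argument kept exactly as in the thread
        "exit",
        "write",
    ]


def check_output(output):
    """Classify captured session output: 'ok', 'wrong-ike-version' or 'failed'."""
    if "ERROR: setting failed!" not in output:
        return "ok"
    if re.search(r"^\s*% v2 -> v1", output, re.MULTILINE):
        return "wrong-ike-version"  # gateway is IKEv2 but was addressed with isakmp
    return "failed"


def plan(inventory, new_peer_ip):
    """Build one command batch per router from {router: (gateway, ike_version)}."""
    return {router: build_commands(gateway, new_peer_ip, version)
            for router, (gateway, version) in inventory.items()}
```

The original poster reports that `isakmp policy Test` created a new gateway instead of failing, so the gateway names in the inventory need to match the existing ones exactly before a batch is sent.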
