{# Jinja2 (Ansible) template rendering the IPsec and tunnel-interface section
   of an IOS configuration for the IoT link. It is driven by the `interfaces`
   inventory data of the current host plus `hostvars` of two named peers.
   Every `!` line is emitted into the device config, so only `{# #}` comments
   are template-only. #}
!
{# IKEv1 phase-1 policy. Only encryption, authentication and DH group are set
   explicitly; hash and lifetime come from the IOS defaults.
   NOTE(review): `group 2` is 1024-bit DH and `encr aes` without a key size is
   AES-128; both are below current guidance (group 14 or higher, aes 256,
   hash sha256). Confirm what the peer supports before raising them. #}
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
{# Pre-shared key bound to the wildcard peer 0.0.0.0: any peer that presents
   this key can complete phase 1. `dmvpn.isakmp_key` is therefore a secret --
   it must come from vault-encrypted vars, and the rendered config must be
   handled as sensitive. Pinning the peer address, or moving to per-peer keys
   or certificates, would narrow the trust. #}
crypto isakmp key {{ dmvpn.isakmp_key }} address 0.0.0.0
!
{# Phase-2 transform set: ESP with AES (128-bit) and HMAC-SHA-1, tunnel mode.
   NOTE(review): esp-sha-hmac is SHA-1; esp-sha256-hmac is the usual
   replacement where the peer supports it. #}
crypto ipsec transform-set TS esp-aes esp-sha-hmac
mode tunnel
!
{# Profile attached to the tunnel interface below; SA lifetime pinned to 24 h. #}
crypto ipsec profile protect-IoT
set security-association lifetime seconds 86400
set transform-set TS
!
{# Enters interface mode for each inventory interface of type "tunnel".
   The `{%-` / `-%}` markers strip surrounding whitespace, including the
   newline after the `!` above; whether `!` and `interface` end up fused on
   one line depends on the environment's trim_blocks setting -- verify the
   rendered output. The interface-level commands that follow this loop
   (ip mtu through tunnel protection) are emitted once, after the loop, so
   they attach to the last interface entered -- presumably one tunnel per
   host; a second tunnel interface would get only the description and
   address. #}
{%- for intf in interfaces -%}
{% if intf.type is defined and intf.type == "tunnel" %}
interface {{ intf.ifname }}
description 4G-IoT-Tunnel
ip address {{ intf.ipv4|ipaddr('address') }} {{ intf.ipv4|ipaddr('netmask') }}
{% endif %}
{% endfor%}
{# MTU and TCP MSS clamped to leave room for tunnel/IPsec overhead. #}
ip mtu 1400
ip tcp adjust-mss 1360
{# Tunnel source is hard-coded, unlike the rest of the template which is
   inventory-driven; TODO consider deriving it from the "wan" interface. #}
tunnel source GigabitEthernet0/2
{# Tunnel destination = address of each neighbor of this host's "wan"
   interface(s). With more than one neighbor, several `tunnel destination`
   lines are emitted and the device keeps only the last -- verify the
   inventory has exactly one. #}
{% for intf in hostvars[inventory_hostname].interfaces %}
{% if intf.role is defined and intf.role == "wan" %}
{% for n in intf.neighbors %}
tunnel destination {{ n.ipv4|ipaddr('address') }}
{% endfor%}
{% endif %}
{% endfor %}
tunnel path-mtu-discovery
tunnel protection ipsec profile protect-IoT
!
{# Static routes named Prevent_recursive_routing: for each neighbor `n` of
   this host's tunnel interface, the other site's "lan" prefix is routed to
   the neighbor's address. The hostnames 'iotprovider' and 'firewall' are
   hard-coded -- on iotprovider the route targets the firewall's "lan"
   prefix, on firewall the iotprovider's "lan" prefix, and any other host
   renders nothing here. `iotip` is assigned per iotprovider "lan" interface
   and read by the nested loop within the same iteration. #}
{% for tunint in interfaces if tunint.type is defined and tunint.type == "tunnel" %}
{% for n in tunint.neighbors %}
{% for intf in hostvars['iotprovider'].interfaces %}
{% if intf.type is defined and intf.type == "lan" %}
{% set iotip = intf %}
{% for intff in hostvars['firewall'].interfaces %}
{% if intff.type is defined and intff.type == "lan" %}
{% if inventory_hostname == "iotprovider" %}
ip route {{ intff.ipv4|ipaddr('network') }} {{ intff.ipv4|ipaddr('netmask') }} {{ n.ipv4|ipaddr('address') }} name Prevent_recursive_routing
{% elif inventory_hostname == "firewall" %}
ip route {{ iotip.ipv4|ipaddr('network') }} {{ iotip.ipv4|ipaddr('netmask') }} {{ n.ipv4|ipaddr('address') }} name Prevent_recursive_routing
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor%}
{% endfor%}
{% endfor%}
!