fortinet-solutions-cse / sdwan-advpn-reference

Jinja Orchestrator for Fortinet SD-WAN/ADVPN

support underlay loopback (src_ip for local-out traffic) #22

Closed dmitryperets closed 10 months ago

dmitryperets commented 10 months ago

Add support for an optional parameter src_ip in the profile interfaces, for example:

    'DualISP': {
      'interfaces': [
        {
          'name': 'port1',
          'role': 'wan',
          'ol_type': 'ISP1',
          'ip': 'dhcp',
          'src_ip': isp1_lo,      <<<<<
          'dia': true
        },

When configured, this source IP is expected to be used for all the local-out (outgoing) traffic from this interface. As far as Jinja is concerned, this means, for example, that the overlay IPsec tunnels will be terminated on this IP (thanks to set local-gw in the tunnel configuration).

The implementation will create a new loopback interface called Lo-wan<index> (e.g. Lo-wan1) with this IP. The format is the same as for ip (thus including the mask, e.g. "1.2.3.4/32").

NOTE: For the correct ADVPN operation, a firewall policy is required on the Spokes, to permit incoming traffic from the WAN interfaces to the new Lo-wan<*> interface. This is a standard FOS requirement for traffic destined to the loopback interfaces.
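The following is an added example, not code from this repository or from the issue author: it renders, for one profile, the three FortiOS CLI pieces the issue describes for an interface carrying src_ip (the Lo-wan<index> loopback, a phase1-interface that terminates on it via set local-gw, and the spoke-side policy from the WAN interface to the loopback). The phase1 name, the vdom, the allowaccess value, the 1-based numbering of Lo-wan over the profile's WAN interfaces, and the choice of IKE/ESP as the permitted services are assumptions; the sample profile is constructed here with isp1_lo replaced by a literal address.

```python
"""Added example (not the project's own code): what the src_ip option has
to produce on a FortiGate. Naming of the phase1, the vdom, allowaccess and
the IKE/ESP service selection are assumptions made for this example."""
import ipaddress

# Constructed sample profile in the shape shown in the issue; isp1_lo is
# written as a literal so the example runs stand-alone.
PROFILE = {
    "DualISP": {
        "interfaces": [
            {"name": "port1", "role": "wan", "ol_type": "ISP1",
             "ip": "dhcp", "src_ip": "1.2.3.4/32", "dia": True},
            {"name": "port2", "role": "wan", "ol_type": "ISP2",
             "ip": "dhcp", "dia": True},          # no src_ip: no loopback
            {"name": "port3", "role": "lan", "ip": "10.0.1.1/24"},
        ]
    }
}


def cidr_to_fortios(cidr):
    """'1.2.3.4/32' -> '1.2.3.4 255.255.255.255' (FortiOS 'set ip' form)."""
    iface = ipaddress.ip_interface(cidr)
    return f"{iface.ip} {iface.network.netmask}"


def wan_loopbacks(profile):
    """[(index, wan_interface)] for WAN interfaces that carry src_ip.
    The index is 1-based over the profile's WAN interfaces (assumed scheme
    behind the Lo-wan<index> name)."""
    wans = [i for i in profile["interfaces"] if i.get("role") == "wan"]
    return [(n, i) for n, i in enumerate(wans, start=1) if i.get("src_ip")]


def render(profile, spoke=True, vdom="root"):
    """Return the FortiOS CLI blocks for every src_ip-bearing WAN interface."""
    out = []
    for n, wan in wan_loopbacks(profile):
        lo = f"Lo-wan{n}"
        local_gw = str(ipaddress.ip_interface(wan["src_ip"]).ip)
        # Loopback holding the source IP for local-out traffic of this WAN.
        out += ["config system interface",
                f'    edit "{lo}"',
                f'        set vdom "{vdom}"',
                "        set type loopback",
                f"        set ip {cidr_to_fortios(wan['src_ip'])}",
                "        set allowaccess ping",
                "    next", "end"]
        # Overlay tunnel bound to the physical WAN port but sourced from the
        # loopback address (the 'set local-gw' the issue refers to).
        out += ["config vpn ipsec phase1-interface",
                f'    edit "{wan["ol_type"]}"',          # assumed phase1 name
                f'        set interface "{wan["name"]}"',
                f"        set local-gw {local_gw}",
                "    next", "end"]
        if spoke:
            # FOS requires a policy for traffic destined to a loopback; without
            # it, IKE/ESP arriving on the WAN port for Lo-wan is dropped and
            # ADVPN shortcuts toward this spoke cannot be established.
            out += ["config firewall policy",
                    "    edit 0",
                    f'        set name "{wan["name"]}-to-{lo}"',
                    f'        set srcintf "{wan["name"]}"',
                    f'        set dstintf "{lo}"',
                    '        set srcaddr "all"',
                    '        set dstaddr "all"',
                    "        set action accept",
                    '        set schedule "always"',
                    '        set service "IKE" "ESP"',      # assumed services
                    "    next", "end"]
    return "\n".join(out)


if __name__ == "__main__":
    print(render(PROFILE["DualISP"]))
```

Only port1 gets a loopback here because port2 has no src_ip; rendering with spoke=False omits the policy block, which is the difference between the hub and spoke output the note above is concerned with.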