The Web Security Service (WSS) does not officially support Viptela routers.
However, it is possible to establish VPN tunnels over IPsec from these routers to the WSS.
For current instructions to configure an IPsec connection with your Cisco SD-WAN (Viptela) router, refer to the support site here.
The VPN over IPsec deployment from the Cisco SD-WAN (Viptela) router can be done using the following configuration as a guide. Change the text in bold based on your network.
router1# sh run vpn
vpn 0
 dns 8.8.8.8 primary
 interface ge0/0
  description DESCRIPTION
  ip dhcp-client
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color gold restrict
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   allow-service ntp
   no allow-service ospf
   no allow-service stun
  !
  no shutdown
 !
 interface ge0/1
  description DESCRIPTION-0
  ip address AAA.BBB.XX.XX/28
  no shutdown
 !
 ip route 0.0.0.0/0 AAA.BBB.XX.XX
!
vpn 1
 interface ge0/2
  description DESCRIPTION-1
  ip address 192.168.1.1/24 (EXAMPLE)
  tcp-mss-adjust 1300
  no shutdown
  dhcp-server
   address-pool 192.168.1.0/24 (EXAMPLE)
   offer-time 600
   lease-time 86400
   admin-state up
   options
    default-gateway 192.168.1.1 (EXAMPLE)
    dns-servers 8.8.8.8
   !
  !
 !
 interface ipsec1
  description DESCRIPTION-2
  ip address 192.168.255.1/30 (EXAMPLE)
  tunnel-source AAA.BBB.XX.XX
  tunnel-destination DATACENTER'S IP
  ike
   version 1
   mode main
   rekey 3600
   cipher-suite aes256-cbc-sha1
   group 2
   authentication-type
    pre-shared-key
     pre-shared-secret *****
    !
   !
  !
  ipsec
   rekey 3600
   replay-window 64
   cipher-suite aes256-cbc-sha1
  !
  no shutdown
 !
 interface ipsec2
  description DESCRIPTION-3
  ip address 192.168.254.1/30 (EXAMPLE)
  tunnel-source XX.XX.XX.XX (EXAMPLE)
  tunnel-destination DATACENTER'S IP
  ike
   version 1
   mode main
   rekey 14400
   cipher-suite aes256-cbc-sha1
   group 2
   authentication-type
    pre-shared-key
     pre-shared-secret *****
    !
   !
  !
  ipsec
   rekey 3600
   replay-window 64
   cipher-suite aes256-cbc-sha1
  !
  no shutdown
 !
 ip route XX.XX.XX.XX/32 192.168.254.2 (EXAMPLE)
 ip route XX.XX.XX.XX/32 192.168.255.2 (EXAMPLE)
!
--------------------------------------------------------------------------------------------------------------
router2# sh run vpn
vpn 0
 interface ge0/0
  description DESCRIPTION
  ip dhcp-client
  nat
  !
  tunnel-interface
   encapsulation ipsec
   color gold restrict
   no allow-service bgp
   allow-service dhcp
   allow-service dns
   allow-service icmp
   no allow-service sshd
   no allow-service netconf
   allow-service ntp
   no allow-service ospf
   allow-service stun
  !
  no shutdown
 !
vpn 1
 interface ge0/2
  description DESCRIPTION
  ip address 192.168.2.1/24 (EXAMPLE)
  tcp-mss-adjust 1300
  no shutdown
  dhcp-server
   address-pool 192.168.2.0/24 (EXAMPLE)
   offer-time 600
   lease-time 86400
   admin-state up
   options
    default-gateway 192.168.2.1 (EXAMPLE)
    dns-servers 8.8.8.8 (EXAMPLE)
   !
  !
 !
!
--------------------------------------------------------------------------------------------------------------
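The check below is an added example, not part of the original article or of any Cisco or WSS tooling. It reads a configuration in the layout shown above and lists, per ipsec interface, the parameters a reviewer would compare against local crypto policy (IKE version, DH group, integrity algorithm), plus any IKE rekey mismatch between tunnels. The function names and the sample text are constructed for illustration.

```python
# Constructed sample: IKE/IPsec settings of the guide's two tunnels (only name and IKE rekey differ).
STANZA = """interface {name}
 ike
  version 1
  mode main
  rekey {rekey}
  cipher-suite aes256-cbc-sha1
  group 2
 !
 ipsec
  rekey 3600
  replay-window 64
  cipher-suite aes256-cbc-sha1
 !
"""
SAMPLE = STANZA.format(name="ipsec1", rekey=3600) + STANZA.format(name="ipsec2", rekey=14400)

def parse_tunnels(text):
    """Return {interface: {"ike": {...}, "ipsec": {...}}}; indentation is ignored, secrets are not stored."""
    tunnels, cur, section = {}, None, None
    for words in (line.split() for line in text.splitlines()):
        if words[:1] == ["interface"]:
            is_tunnel = len(words) > 1 and words[1].startswith("ipsec")
            cur = tunnels.setdefault(words[1], {"ike": {}, "ipsec": {}}) if is_tunnel else None
            section = None
        elif cur is not None and words in (["ike"], ["ipsec"]):
            section = words[0]
        elif cur is not None and section and len(words) == 2 and "secret" not in words[0]:
            cur[section][words[0]] = words[1]
    return tunnels

def audit(tunnels):
    """List negotiated parameters to compare against local crypto policy."""
    findings = []
    for name, t in sorted(tunnels.items()):
        if t["ike"].get("version") == "1":
            findings.append((name, "IKEv1 in use"))
        if t["ike"].get("group") == "2":
            findings.append((name, "DH group 2 is 1024-bit MODP"))
        for sec in ("ike", "ipsec"):
            if t[sec].get("cipher-suite", "").endswith("sha1"):
                findings.append((name, sec + " integrity is HMAC-SHA1"))
    rekeys = {n: t["ike"].get("rekey") for n, t in tunnels.items()}
    if len(set(rekeys.values())) > 1:
        findings.append(("*", "IKE rekey differs: %s" % sorted(rekeys.items())))
    return findings

if __name__ == "__main__":
    print(*audit(parse_tunnels(SAMPLE)), sep="\n")
```
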
These are the Cloud data center IPs where the VPN tunnel can be pointed to.