Steps to configure a Cisco to Versa FlexVNF site-to-site VPN


At Cisco CLI:
1. Create the IKEv2 profile (keyring config).
        Configure the Internet-facing IP address for the site-to-site VPN first, then use it in the IKEv2 profile.
        The subnet mask should be that of the remote subnets.
2. Create the IPSec transform set on the Cisco ASA, then an IPSec profile that uses the transform set.
3. Create the tunnel interface.
        Create the Internet-facing interface and set it as the source endpoint of the tunnel interface.
        The destination endpoint of the tunnel interface is the Internet-facing interface IP at the remote site.
        Add a static route for the remote site subnets with the tunnel interface as the exit interface.
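
The Cisco steps above written out as configuration, added here as an example and not taken from the original page. It assumes Cisco IOS/IOS-XE syntax and pre-shared-key authentication; the object names (S2S-*, Tunnel10, GigabitEthernet0/0), the documentation-range addresses and the algorithm choices are constructed and must match what is configured on the Versa side.

```cisco
! Constructed values (assumptions, not from the original page):
!   203.0.113.10   local (Cisco) Internet-facing IP
!   198.51.100.20  remote (Versa) Internet-facing IP
!   10.20.0.0/16   remote LAN subnet
!   <PRE-SHARED-KEY> is a placeholder; use a long random secret
crypto ikev2 proposal S2S-PROPOSAL
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy S2S-POLICY
 proposal S2S-PROPOSAL
!
! Step 1: keyring and IKEv2 profile bound to the Internet-facing addresses
crypto ikev2 keyring S2S-KEYRING
 peer VERSA
  address 198.51.100.20
  pre-shared-key <PRE-SHARED-KEY>
!
crypto ikev2 profile S2S-IKEV2
 match identity remote address 198.51.100.20 255.255.255.255
 identity local address 203.0.113.10
 authentication remote pre-share
 authentication local pre-share
 keyring local S2S-KEYRING
!
! Step 2: transform set (tunnel mode) and the IPSec profile that uses it
crypto ipsec transform-set S2S-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile S2S-IPSEC
 set transform-set S2S-TS
 set ikev2-profile S2S-IKEV2
!
! Step 3: Internet-facing interface, tunnel interface, static route
interface GigabitEthernet0/0
 ip address 203.0.113.10 255.255.255.0
 no shutdown
!
interface Tunnel10
 ip unnumbered GigabitEthernet0/0
 tunnel source GigabitEthernet0/0
 tunnel mode ipsec ipv4
 tunnel destination 198.51.100.20
 tunnel protection ipsec profile S2S-IPSEC
!
ip route 10.20.0.0 255.255.0.0 Tunnel10
```

On IOS, `show crypto ikev2 sa` and `show crypto ipsec sa` confirm that the negotiated algorithms are the ones configured here rather than a weaker default.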

At Versa CLI:
1. Configure the tunnel interface (tvi) and attach it to the routing-instance of the LAN VRF whose traffic will traverse the tunnel interface.
       Add a static route to the remote subnets with the tunnel interface as the next hop.
       Attach the tunnel interface tvi to the vpn-profile.
2. The Internet-facing vni interface is the transport-domain WAN interface.
3. Create a vpn-profile of type site-to-site. Set local-auth-info and inet to the Internet-facing IP.
        Configure the routing-instance as the transport VRF.
        Configure the tunnel routing-instance as the LAN VRF from which traffic initiates.
4. Set the IKE and IPSec parameters in the vpn-profile.
        Configure the transform set on IPSec, mode = tunnel.
        Configure the IKE transform-set: peer-auth-info with the details of the remote end (id string and inet are the Internet-facing IP).




To unlock a user account on the Versa Director (Web UI), run the following command from the Versa Director CLI, where <username> is the login name of the locked account:

        set nms provider user-account-status-trackings user-account-status-tracking <username> account-status unlock
