Netskope Help

Appendix
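CLI Configuration
The output below shows the two site-to-site IPsec VPN profiles, netskope-gw-1 and netskope-gw-2, as returned by `show configuration`. The pre-shared key appears as `1234` in this example output; in a deployment, set a long, randomly generated key for each tunnel and keep it out of shared transcripts and screenshots.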
admin@branch-cloud-1-cli> show configuration orgs org-services testdemo ipsec vpn-profile netskope-gw-1
vpn-type                site-to-site;
local-auth-info {
    auth-type psk;
    id-type   ip;
    key       1234;
    id-string 54.189.122.221;
}
local {
    interface-name vni-0/0.0;
}
routing-instance        AWS-INTERNET-Transport-VR;
tunnel-routing-instance testdemo-LAN-VR;
tunnel-initiate         automatic;
ipsec {
    fragmentation pre-fragmentation;
    force-nat-t   disable;
    transform     esp-aes128-sha512;
    mode          tunnel;
    pfs-group     mod14;
    anti-replay   enable;
    life {
        duration 28800;
    }
}
ike {
    version     v2;
    group       mod14;
    transform   aes128-sha512;
    lifetime    28800;
    dpd-timeout 30;
}
peer-auth-info {
    auth-type psk;
    id-type   ip;
    key       1234;
    id-string 8.36.116.114;
}
peer {
    address [ 8.36.116.114 ];
}
rule http {
    protocol any;
    src {
        inet 0.0.0.0/0;
        port 0;
    }
    dst {
        inet 0.0.0.0/0;
        port 80;
    }
}
rule https {
    protocol any;
    src {
        inet 0.0.0.0/0;
        port 0;
    }
    dst {
        inet 0.0.0.0/0;
        port 443;
    }
}
[ok][2020-05-15 11:58:36]
admin@branch-cloud-1-cli>
admin@branch-cloud-1-cli> show configuration orgs org-services testdemo ipsec vpn-profile netskope-gw-2
vpn-type                site-to-site;
local-auth-info {
    auth-type psk;
    id-type   ip;
    key       1234;
    id-string 54.189.122.221;
}
local {
    interface-name vni-0/0.0;
}
routing-instance        AWS-INTERNET-Transport-VR;
tunnel-routing-instance testdemo-LAN-VR;
tunnel-initiate         automatic;
ipsec {
    fragmentation pre-fragmentation;
    force-nat-t   disable;
    transform     esp-aes128-sha512;
    mode          tunnel;
    pfs-group     mod14;
    anti-replay   enable;
    life {
        duration 28800;
    }
}
ike {
    version     v2;
    group       mod14;
    transform   aes128-sha512;
    lifetime    28800;
    dpd-timeout 30;
}
peer-auth-info {
    auth-type psk;
    id-type   ip;
    key       1234;
    id-string 163.116.132.38;
}
peer {
    address [ 163.116.132.38 ];
}
rule http {
    protocol any;
    src {
        inet 0.0.0.0/0;
        port 0;
    }
    dst {
        inet 0.0.0.0/0;
        port 80;
    }
}
[ok][2020-05-15 11:59:09]
admin@branch-cloud-1-cli>
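Display SET View
The same two profiles in `set` command form. As in the hierarchical output above, netskope-gw-2 lists only the `http` rule, while netskope-gw-1 lists both `http` and `https`; confirm whether port 443 traffic is meant to match the second tunnel as well before relying on it for failover.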
admin@branch-cloud-1-cli> show configuration orgs org-services testdemo ipsec vpn-profile netskope-gw-1 | display set

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 vpn-type site-to-site

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local-auth-info

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local-auth-info auth-type psk

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local-auth-info id-type ip

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local-auth-info key 1234

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local-auth-info id-string 54.189.122.221

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 local interface-name vni-0/0.0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 routing-instance AWS-INTERNET-Transport-VR

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 tunnel-routing-instance testdemo-LAN-VR

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 tunnel-initiate automatic

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec fragmentation pre-fragmentation

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec force-nat-t disable

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec transform esp-aes128-sha512

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec mode tunnel

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec pfs-group mod14

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec anti-replay enable

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ipsec life duration 28800

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ike version v2

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ike group mod14

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ike transform aes128-sha512

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ike lifetime 28800

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 ike dpd-timeout 30

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer-auth-info

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer-auth-info auth-type psk

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer-auth-info id-type ip

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer-auth-info key 1234

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer-auth-info id-string 8.36.116.114

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 peer address [ 8.36.116.114 ]

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule http protocol any

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule http src inet 0.0.0.0/0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule http src port 0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule http dst inet 0.0.0.0/0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule http dst port 80

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule https protocol any

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule https src inet 0.0.0.0/0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule https src port 0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule https dst inet 0.0.0.0/0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-1 rule https dst port 443

[ok][2020-05-15 11:59:45]
admin@branch-cloud-1-cli> show configuration orgs org-services testdemo ipsec vpn-profile netskope-gw-2 | display set

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 vpn-type site-to-site

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local-auth-info

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local-auth-info auth-type psk

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local-auth-info id-type ip

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local-auth-info key 1234

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local-auth-info id-string 54.189.122.221

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 local interface-name vni-0/0.0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 routing-instance AWS-INTERNET-Transport-VR

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 tunnel-routing-instance testdemo-LAN-VR

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 tunnel-initiate automatic

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec fragmentation pre-fragmentation

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec force-nat-t disable

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec transform esp-aes128-sha512

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec mode tunnel

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec pfs-group mod14

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec anti-replay enable

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ipsec life duration 28800

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ike version v2

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ike group mod14

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ike transform aes128-sha512

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ike lifetime 28800

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 ike dpd-timeout 30

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer-auth-info

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer-auth-info auth-type psk

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer-auth-info id-type ip

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer-auth-info key 1234

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer-auth-info id-string 163.116.132.38

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 peer address [ 163.116.132.38 ]

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 rule http protocol any

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 rule http src inet 0.0.0.0/0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 rule http src port 0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 rule http dst inet 0.0.0.0/0

set orgs org-services testdemo ipsec vpn-profile netskope-gw-2 rule http dst port 80

[ok][2020-05-15 11:59:51]

admin@branch-cloud-1-cli>