{"id":2567,"date":"2020-03-26T13:00:39","date_gmt":"2020-03-26T12:00:39","guid":{"rendered":"https:\/\/www.safekom.pl\/blog\/?p=2567"},"modified":"2020-03-26T13:00:39","modified_gmt":"2020-03-26T12:00:39","slug":"nsx-t-ipsec-route-base","status":"publish","type":"post","link":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","title":{"rendered":"NSX-t IPSec Route base"},"content":{"rendered":"\r\n

W dzisiejszym wpisie przedstawi\u0119 konfiguracj\u0119 NSX-t IPSec Route base, jest to\u00a0 opis krok po kroku jak skonfigurowa\u0107 IPseca po stronie NSX’a oraz Vyos kt\u00f3ry b\u0119dzie uczestnikiem IPseca.\u00a0<\/p>\r\n\r\n\r\n\r\n

<\/p>\r\n\r\n\r\n\r\n

Za\u0142o\u017cenia<\/h4>\r\n\r\n\r\n\r\n
    \r\n
  1. Poni\u017cej rysunek pogl\u0105dowy jak wygl\u0105da topologia po\u0142\u0105cze\u0144.
    \r\n
    \"\"<\/a><\/figure>\r\n<\/li>\r\n
  2. Pomi\u0119dzy routerem T0 i chmurk\u0105 ju\u017c istnieje po\u0142\u0105czenie oraz jest zestawione s\u0105siedztwo BGP w celu dost\u0119pu do sieci „Internet” na powy\u017cszym rysunku chmurki<\/li>\r\n
  3. Parametry po\u0142\u0105czenia:<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n
    \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
    IKE<\/span><\/th>\r\n\u00a0<\/th>\r\n<\/tr>\r\n<\/thead>\r\n
    IKE wersja<\/span><\/td>\r\nv2<\/span><\/td>\r\n<\/tr>\r\n
    Encryption Algorithm<\/span><\/td>\r\n
    Digest Algorithm<\/span><\/td>\r\n
    Diffie-Hellman<\/span><\/td>\r\n
    86400<\/span><\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/figure>\r\n\r\n\r\n\r\n
    \r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
    IPSec<\/span><\/th>\r\n\u00a0<\/th>\r\n<\/tr>\r\n<\/thead>\r\n
    Encryption Algorithm<\/span><\/td>\r\n
    Digest Algorithm<\/span><\/td>\r\n
    PFS Group<\/span><\/td>\r\nyes<\/span><\/td>\r\n<\/tr>\r\n
    Diffie-Hellman<\/span><\/td>\r\n
    SA Lifetime (sec)<\/span><\/td>\r\n3600<\/span><\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/figure>\r\n\r\n\r\n\r\n

    Konfiguracja NSX-t<\/h4>\r\n\r\n\r\n\r\n

    Konfiguracja po\u0142\u0105czenie IPSEC<\/h5>\r\n\r\n\r\n\r\n
      \r\n
    1. Logujemy si\u0119 do NSX Managera
      \"nsx-t<\/li>\r\n
    2. Przechodzimy do Networking nast\u0119pnie VPN
      \"NSX-t<\/a><\/li>\r\n
    3. Skonfigurujemy profile dla IKE,IPSec przechodz\u0105c do Profiles\u00a0
      \"nsx-t<\/a><\/li>\r\n
    4. wybieramy IKE-Profiles nast\u0119pnie IKE ADD Profile, w nowym oknie podajemy parametry konfiguracyjne kt\u00f3re zosta\u0142y zebrane powy\u017cej w tabelce oraz podajemy nazw\u0119 dla profilu. Po zako\u0144czeniu wprowadzaniu zapisujemy profil.
      \"NSXt<\/a><\/li>\r\n
    5. Kolejnym krokiem jest dodanie profilu dla IPSeca, Wybieramy IPSEC Profiles i nast\u0119pnie ADD IPSEC Profile w nowym oknie podajemy nazw\u0119 dla niego oraz parametry z tabelki powy\u017cej.
      \"NSX-t<\/a><\/li>\r\n
    6. Ostatnim profilem do utworzenie jest profil DPD, wybieramy DPD Profiles i ADD DPD Profile, w nowym oknie podajemy nazw\u0119 oraz zostawiamy 60 secund.
      \"NSX-t<\/a><\/li>\r\n
    7. Po skonfigurowaniu profilu dla IKE i IPSec oraz DPD przechodzimy do konfiguracji VPN Service robimy to przechodz\u0105c do VPN Services gdzie klikamy na ADD Service i wybieramy IPSEC. W nowym oknie podajemy nazw\u0119 oraz wybieramy na kt\u00f3ry gateway ma zosta\u0107 uruchomiony serwis odpowiedzialny za IPSeca w naszym przypadku b\u0119dzie to T0.
      \"NSX-T<\/a><\/li>\r\n
    8. W tym kroku przechodzimy do konfiguracji LOCAL EDNPOINTS\u00a0 klikamy ADD LOCAL ENDPOINT w tym miejscu skonfigurujemy adres z kt\u00f3rego oraz do kt\u00f3rego b\u0119dziemy nawi\u0105zywa\u0107 sesj\u0119 IPSec.
      \"NSXt<\/a><\/li>\r\n
    9. Przyszed\u0142 na ostatni krok konfiguracji IPSec przechodzimy do IPSEC SESION wybieramy Route Based.
      \"nsx-t<\/a><\/li>\r\n
    10. W nowym okniekonfigurujemy nasz\u0105 sesj\u0119 IPSec podajemy dane:
      Nazwa – dowolna nazwa dla sesji.
      VPN Service – wybieramy wcze\u015bniej zdefiniowany profil.
      Local Endpoint – podobnie wybieramy profil kt\u00f3ry wcze\u015bniej skonfigurowali\u015bmy.
      Remote IP – podajemy adres IP partnera z kt\u00f3rym b\u0119dziemy nawi\u0105zywa\u0107 sesj\u0119 IPSec.
      Authentication Mode – w naszym przypadku wybieramy PSK mo\u017ce kiedy\u015b zrobi\u0119 opis na certach :-).
      Pre-shared Key – podajemy nasz klucz PSK\u00a0
      Tunnel Interface – podajemy ip dla naszego interfejsu tunel w naszym przypadku jest to 100.100.10.1\/30 musi by\u0107 podana maska min 31.
      Remote ID – podajemy zako\u0144czenie tunelu po drugiej stronie, zgodnie z za\u0142o\u017ceniami jest to 2.2.2.2
      Do kolejnych ustawie\u0144 przechodzimy klikaj\u0105c\u00a0 Advanced Properties<\/strong> gdzie dalej podajemy parametry naszego po\u0142\u0105czenia:
      IKE Profiles – wybieramy utworzony przez nas profil IKE.
      IPSec Profiles – wybieramy utworzony przez nas profil dla IPSec.
      DPD Profiles – wybieramy utworzony profil dla DPD.
      Connection Initiation – okre\u015blmy rol\u0119 w naszym przypadku zostawiamy bez zmiany.
      Parametry nie wymienione zostawiamy bez zmian.
      \"NSX-t<\/a><\/li>\r\n
    11. Po wy\u017cszych krokach mam skonfigurowane parametry dla IPSeca Rouet Base.<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n
      Konfiguracja Routingu w NSX<\/h5>\r\n\r\n\r\n\r\n

      W tej sekcji dowiesz si\u0119 jak skonfigurowa\u0107 redystrybucj\u0119 adres Local Endpoint oraz jak zestawi\u0107 BGP.\u00a0<\/p>\r\n\r\n\r\n\r\n

      Konfiguracja redystrybucji<\/h6>\r\n\r\n\r\n\r\n

      Aby poprawnie zestawi\u0107 po\u0142\u0105czenie IPSec przyda\u0142o by si\u0119 do naszej chmurki kt\u00f3ra jest pokazana na rysunku na pocz\u0105tku wpisu rozg\u0142osi\u0107 adres Local Endpoint a robimy to tak:<\/p>\r\n\r\n\r\n\r\n

        \r\n
      1. Przechodzimy do Networking nast\u0119pnie do Tier0 wybieramy nasz router T0 i przechodzimy do jego edycji.
        \"EDIT<\/a><\/li>\r\n
      2. Przechodzimy do ROUTE RE-DISTRIBUTION klikamy na cyfr\u0119 w przy Route Re-Distribution.
        \"t0\"<\/a><\/li>\r\n
      3. W nowym oknie zaznaczamy IPSec Local IP i klikamy Apply.
        \"IPSec<\/a><\/li>\r\n
      4. Na koniec zapisujemy oraz klikamy close editing i temat ten mamy za sob\u0105.\u00a0<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n
        Konfiguracja BGP pomi\u0119dzy NSX a Vyos<\/h6>\r\n\r\n\r\n\r\n

        W IPSec route base protok\u00f3\u0142 routingu jest odpowiedzialny za ustalenie pomi\u0119dzy jakimi sieciami ma nast\u0105pi\u0107 szyfrowanie w kanale IPSec. W NSX-t mamy do dyspozycji dwa protoko\u0142y routingu jest to statk oraz BGP w tym punkcie skupi\u0119 si\u0119 w\u0142a\u015bnie nad poczciwym BGP’em.\u00a0<\/p>\r\n\r\n\r\n\r\n

          \r\n
        1. Aby skonfigurowa\u0107 sesj\u0119 BGP przechodzimy do Networking nast\u0119pnie do Tier0 wybieramy nasz router T0 i przechodzimy do jego edycji
          \"EDIT<\/a><\/li>\r\n
        2. Tam przechodzimy do sesji BGP, gdzie jest to pierwsza sesja BGP konfigurujemy:
          Local AS – w labie oraz DC wybieramy co\u015b z puli privet AS\u00a0
          reszt\u0119 parametr\u00f3w zostawiamy bez zmian w labie, w DC mo\u017cna podkr\u0119ci\u0107 czasy sesji BGP\u00a0
          Tutaj ju\u017c mamy to skonfigurowane bo mamy sesj\u0119 do mojej chmurki\u00a0
          \"nsx-t<\/a><\/li>\r\n
        3. W kolejnym wa\u017cnym krokiem jest skonfigurowanie s\u0105siedztwa BGP aby to zrobi\u0107 przechodzimy do BGP Neighbors. W tym przypadku dodajemy kolejne s\u0105siedztwo.\u00a0
          \"bgp<\/a><\/li>\r\n
        4. W nowym oknie dodajemy nowego s\u0105siada gdzie podajemy\u00a0parametry do skonfigurowania
          IP Address – podajemy adres ip s\u0105siada w naszym przypadku jest to 100.100.10.2
          Remote AS – Podajemy numer AS s\u0105siada w naszym przypadku jest to 65555
          Source Addresses – podajemy nasz adres 100.100.10.1
          \"bgp<\/a><\/div>\r\n<\/li>\r\n
        5. Klikamy Save i mamy skonfigurowane po stronie NSX’a BGP\u00a0<\/li>\r\n<\/ol>\r\n

          Aby wszystko zadzia\u0142a\u0142o musimy skonfigurowa\u0107 naszego s\u0105siad czyli przechodzimy do konfiguracji Vyos,<\/p>\r\n\r\n\r\n\r\n

          Konfiguracja Vyos<\/h4>\r\n\r\n\r\n\r\n

          Jak to by\u0142o w piosence „do tanga trzeba dwojga” w tym przypadku partnerem dla NSX b\u0119dzie Vyos na kt\u00f3rym poni\u017cej przedstawi\u0119 jak skonfigurowa\u0107 IPSec route Based oraz BGP.\u00a0 Nie b\u0119d\u0119 pokazywa\u0142 podstawowej konfiguracji tylko skupi\u0119 si\u0119 na omawianych zagadnieniach. Ca\u0142a konfiguracja jest wykonywana z poziomy SSH. W tym labie wykorzystuj\u0119 wersj\u0119 troch\u0119 star\u0105 bo jest to 1.3\u00a0<\/p>\r\n\r\n\r\n\r\n

          Konfiguracja po\u0142\u0105czenie IPSEC w Vyos<\/h5>\r\n\r\n\r\n\r\n
            \r\n
          1. Logujemy si\u0119 do naszego Vyos po ssh<\/li>\r\n
          2. Przechodzimy do konfiguracji i konfigurujemy nasz profil dla fazy 1 zgodnie z za\u0142o\u017ceniami
            \r\n
            vyos@vyos01:~$ configure \r\n[edit]\r\nvyos@vyos01# set vpn ipsec esp-group NSX-T lifetime '3600'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec esp-group NSX-T mode 'tunnel'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec esp-group NSX-T pfs 'dh-group5'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec esp-group NSX-T proposal 1 encryption 'aes256'  \r\n[edit]\r\nvyos@vyos01# set vpn ipsec esp-group NSX-T proposal 1 hash 'sha256'\r\n[edit]\r\nvyos@vyos01# <\/pre>\r\n
            czysta konfiguracja same komendy<\/p>\r\n
            set vpn ipsec esp-group NSX-T lifetime '3600'\r\nset vpn ipsec esp-group NSX-T mode 'tunnel'\r\nset vpn ipsec esp-group NSX-T pfs 'dh-group5'\r\nset vpn ipsec esp-group NSX-T proposal 1 encryption 'aes256'\r\nset vpn ipsec esp-group NSX-T proposal 1 hash 'sha256'<\/pre>\r\n<\/li>\r\n
          3. Nast\u0119pnie profil dla fazy 2\u00a0
            \r\n
            [edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T ikev2-reauth 'yes'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T key-exchange 'ikev2'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T lifetime '86400'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T proposal 1 dh-group '5'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T proposal 1 encryption 'aes256'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T proposal 1 hash 'sha256'\r\n[edit]\r\nvyos@vyos01# <\/pre>\r\n<\/li>\r\n
          4. Profil dla DPD
            \r\n
            [edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T dead-peer-detection action 'restart'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T dead-peer-detection interval '15'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec ike-group NSX-T dead-peer-detection timeout '60'\r\n<\/pre>\r\n
            same komendy\u00a0<\/p>\r\n
            set vpn ipsec ike-group NSX-T dead-peer-detection action 'restart'\r\nset vpn ipsec ike-group NSX-T dead-peer-detection interval '15'\r\nset vpn ipsec ike-group NSX-T dead-peer-detection timeout '60'<\/pre>\r\n<\/li>\r\n
          5. Tworzymy interfejs tunelowy oraz nadajemy jemu adres ip zgodnie z za\u0142o\u017ceniami
            \r\n
            [edit]\r\nvyos@vyos01# set interfaces vti vti1 address '100.100.10.2\/30'<\/pre>\r\n<\/li>\r\n
          6. Konfiguracja IPSeca
            \r\n
            [edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 authentication id '2.2.2.2'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 authentication mode 'pre-shared-secret'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 authentication pre-shared-secret 'de%b\/B\\7$*[rV*S%Pk(D'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 ike-group 'NSX-T'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 ikev2-reauth 'inherit'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 local-address '2.2.2.2'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 vti bind 'vti1'\r\n[edit]\r\nvyos@vyos01# set vpn ipsec site-to-site peer 1.1.1.1 vti esp-group 'NSX-T'\r\n[edit]\r\nvyos@vyos01# <\/pre>\r\nsame komendy kt\u00f3re zosta\u0142y u\u017cyte powy\u017cej\u00a0
            \r\n
            set vpn ipsec site-to-site peer 1.1.1.1 authentication id '2.2.2.2'\r\nset vpn ipsec site-to-site peer 1.1.1.1 authentication mode 'pre-shared-secret'\r\nset vpn ipsec site-to-site peer 1.1.1.1 authentication pre-shared-secret 'de%b\/B\\7$*[rV*S%Pk(D'\r\nset vpn ipsec site-to-site peer 1.1.1.1 ike-group 'NSX-T'\r\nset vpn ipsec site-to-site peer 1.1.1.1 ikev2-reauth 'inherit'\r\nset vpn ipsec site-to-site peer 1.1.1.1 local-address '2.2.2.2'\r\nset vpn ipsec site-to-site peer 1.1.1.1 vti bind 'vti1'\r\nset vpn ipsec site-to-site peer 1.1.1.1 vti esp-group 'NSX-T'<\/pre>\r\n<\/li>\r\n
          7. Na koniec wykonujemy commit
            \r\n
            [edit]\r\nvyos@vyos01# commit\r\n[edit]\r\nvyos@vyos01# <\/pre>\r\n
             <\/p>\r\n<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n
            Konfiguracja BGP w Vyos<\/h5>\r\n\r\n\r\n\r\n
            Po skonfigurowaniu IPSeca przechodzimy do konfiguracji sesji BGP, poni\u017cej bardzo szybki config.<\/p>\r\n
            [edit]\r\nvyos@vyos01# set protocols bgp 65555 \r\n[edit]\r\nvyos@vyos01# set protocols bgp 65555 neighbor 100.100.10.1 remote-as 65502 \r\n[edit]\r\nvyos@vyos01# set protocols bgp 65555 neighbor 100.100.10.1 update-source 100.100.10.2 \r\n[edit]\r\nvyos@vyos01# set protocols bgp 65555 address-family ipv4-unicast redistribute connected\r\n[edit]\r\nvyos@vyos01# commit\r\n[edit]\r\nvyos@vyos01# <\/pre>\r\n
            same komendy:<\/p>\r\n
            set protocols bgp 65555 address-family ipv4-unicast redistribute connected\r\nset protocols bgp 65555 neighbor 100.100.10.1 remote-as '65502'\r\nset protocols bgp 65555 neighbor 100.100.10.1 update-source '100.100.10.2'<\/pre>\r\n
             <\/p>\r\n\r\n\r\n\r\n
            Weryfikacja<\/h4>\r\n\r\n\r\n\r\n
            Po czasie konfiguracji NSXa i jak Vyos przyszed\u0142 czas na weryfikacj\u0119 naszej pracy.<\/p>\r\n\r\n\r\n\r\n
            Sprawdzenie po stronie NSX\u00a0

            <\/h5>\r\n
            IPSEC<\/h6>\r\n\r\n\r\n\r\n
              \r\n
            1. logujemy si\u0119 po SSH do Edga na kt\u00f3rym jest nasze T0<\/li>\r\n
            2. sprawdzamy sesj\u0119 ike wykonuj\u0105c komend\u0119 get ipsecvpn ikesa active\u00a0
              <\/strong><\/strong>\r\n
              nsx-edge-01> get ipsecvpn ikesa active \r\n    Total Number of Active IKE SAs: 1\r\n\r\n    IKE Version              : IKEv2\r\n    IKE Status               : Up\r\n    IKE Session ID           : 6\r\n    Session Name             : Tunnel-b522b518-59347c2-810b64c9-f60cccf2\r\n    Session Type             : Route Based\r\n    \r\n    IKE SPI Initiator        : 0x0e35db0e3da6b2d7\r\n    IKE SPI Responder        : 0x0402b472d9a26732\r\n    Role                     : Initiator\r\n    \r\n    Number of Child SA Pairs : 2\r\n    Created Timestamp        : 2020-03-26 11:12:09\r\n    IKE SA Uptime            : 425 sec\r\n    IKE SA Lifetime          : 86400 sec\r\n    DPD Probe Interval       : 60 sec\r\n    \r\n    IP Address:\r\n      Local                  : 1.1.1.1\r\n      Remote                 : 2.2.2.2\r\n    \r\n    Identity:\r\n      Local                  : 1.1.1.1 (ipv4)\r\n      Remote                 : 2.2.2.2 (ipv4)\r\n    \r\n    Algorithm:\r\n      Encryption             : aes256-cbc\r\n      Authentication         : hmac-sha256-128\r\n      PRF                    : hmac-sha256\r\n    DH Group                 : 5\r\n    \r\n    Authentication Method    : Pre-shared key\r\n    ----------------------------------------<\/pre>\r\n
               <\/p>\r\n<\/li>\r\n
            3. Weryfikujemy ca\u0142ego IPSeca wykonuj\u0105c komend\u0119 get ipsecvpn session<\/strong>
              \r\n
              nsx-edge-01> get ipsecvpn session \r\nTotal Number of Sessions: 1\r\n\r\nIKE Session ID   : 6\r\nUUID             : b522b518-0593-47c2-810b-64c9f60cccf2\r\nSR ID            : 74816ace-6bb1-4f82-b845-97a41c517c41\r\nType             : Route\r\nAuth Mode        : PSK\r\nCompliance Suite : NONE\r\n\r\nLocal IP         : 1.1.1.1            Peer IP          : 2.2.2.2\r\nLocal ID         : 1.1.1.1            Peer ID          : 2.2.2.2\r\nSession Status   : Up\r\n\r\nPolicy Rules\r\n    VTI UUID         : 9b519fea-7754-40e4-8a81-22e794d0b12a\r\n    ToRule ID        : 176235239          FromRule ID      : 2323718887\r\n    Local Subnet     : 0.0.0.0\/0          Peer Subnet      : 0.0.0.0\/0\r\n    Tunnel Status    : Up\r\n\r\n\r\n------------------------------------------------------------------------------------------\r\n<\/pre>\r\n
               <\/p>\r\n<\/li>\r\n
            4. Weryfikujemy jak wygl\u0105daj\u0105 statystyki czy zmieniaj\u0105 si\u0119 wykonuj\u0105c komend\u0119 get ipsecvpn tunnel stats\u00a0<\/strong>
              \r\n
              nsx-edge-01> get ipsecvpn tunnel stats \r\nInterface UID                      : 324\r\nInterface UUID                     : 9b519fea-7754-40e4-8a81-22e794d0b12a\r\nVTI UUID                           : 9b519fea-7754-40e4-8a81-22e794d0b12a\r\n\r\nStats\r\n    Rx Pkts                            : 248           Tx Pkts                            : 399\r\n    Rx Bytes                           : 16153         Tx Bytes                           : 50820\r\n    Rx MSS Adjusted                    : 0             Tx MSS Adjusted                    : 0\r\n    Rx MSS Ignored                     : 0             Tx MSS Ignored                     : 0\r\n    Rx Drops                           : 1             Tx Drops                           : 0\r\n    Rx Drop Crypto Failure             : 0             Tx Drop Crypto Failure             : 0\r\n    Rx Drop State Mismatch             : 0             Tx Drop State Mismatch             : 0\r\n    Rx Drop Malformed                  : 0             Tx Drop Malformed                  : 0\r\n    Rx Drop Proto Not Supported        : 0             Tx Drop Proto Not Supported        : 0\r\n    Rx Drop Replay                     : 0             Tx Drop Seq Rollover               : 0\r\n    Rx Drop Inner Malformed            : 0             Tx Drop Fragmentation Needed       : 0\r\n    Rx Drop Policy Nomatch             : 0             Rekey Request Failure              : 0\r\n    Rx Drop Auth Failure               : 0<\/pre>\r\n<\/li>\r\n<\/ol>\r\n\r\n\r\n\r\n
              BGP<\/h6>\r\n
              Podobnie jak wy\u017cej wykorzystujemy po\u0142\u0105czenie ssh do EDGE<\/p>\r\n
                \r\n
              1. sprawdzamy jaki id VRF ma nasz router T0 modu\u0142 serwisowy wykonuj\u0105c komend\u0119\u00a0
                \r\n
                nsx-edge-01> get logical-router\r\nLogical Router\r\nUUID                                   VRF    LR-ID  Name                              Type                        Ports  \r\n736a80e3-23f6-5a2d-81d6-bbefb2786666   0      0                                        TUNNEL                      4      \r\nf6badcc6-614e-4af3-bd27-50dc411e3a96   1      3      DR-t1                             DISTRIBUTED_ROUTER_TIER1    5      \r\n74816ace-6bb1-4f82-b845-97a41c517c41   2      2      SR-test                           SERVICE_ROUTER_TIER0        6      \r\na749186b-2250-486d-9cdc-00862a6b1a92   3      4      SR-t1                             SERVICE_ROUTER_TIER1        5      \r\n043a4cbd-97b9-4d48-ad0c-7f1c55c0065a   4      1      DR-test                           DISTRIBUTED_ROUTER_TIER0    4<\/pre>\r\n<\/li>\r\n
              2. przechodzimy do vrfu 2\u00a0
                \r\n
                nsx-edge-01> vrf 2\r\nnsx-edge-01(tier0_sr)> <\/pre>\r\n<\/li>\r\n
              3. Sprawdzamy si\u0105sietzdwa BGP wykonuj\u0105c komend\u0119 get bgp neighbor summary<\/strong>
                \r\n
                nsx-edge-01(tier0_sr)> get bgp neighbor summary \r\nBFD States: NC - Not configured, AC - Activating,DC - Disconnected\r\n            AD - Admin down, DW - Down, IN - Init,UP - Up\r\nBGP summary information for VRF default for address-family: ipv4Unicast\r\nRouter ID: 10.10.203.10  Local AS: 65502\r\n\r\nNeighbor                            AS          State Up\/DownTime  BFD InMsgs  OutMsgs InPfx  OutPfx\r\n\r\n10.10.203.1                         65500       Estab 01w4d23h     NC  17419   17412   19     25    \r\n100.100.10.2                        65555       Estab 00:17:13     NC  29      26      5      25 <\/pre>\r\n<\/li>\r\n
              4. sprawdzamy tablic\u0119 routingu wykonuj\u0105c polecenie\u00a0get route bgp<\/strong>
                \r\n
                nsx-edge-01(tier0_sr)> get route bgp\r\n\r\nFlags: t0c - Tier0-Connected, t0s - Tier0-Static, B - BGP,\r\nt0n - Tier0-NAT, t1s - Tier1-Static, t1c - Tier1-Connected,\r\nt1n: Tier1-NAT, t1l: Tier1-LB VIP, t1ls: Tier1-LB SNAT,\r\nt1d: Tier1-DNS FORWARDER, t1ipsec: Tier1-IPSec, \r\n> - selected route, * - FIB route\r\n\r\nTotal number of routes: 20\r\n\r\nb  > * 0.0.0.0\/0 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 2.2.2.2\/32 [20\/0] via 10.10.203.1, uplink-280, 01:32:45\r\nb  > * 10.1.1.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.2.2.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.2.3.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.2.4.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.10.0.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.10.11.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.10.201.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.10.202.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.100.1.0\/24 [20\/0] via 10.10.203.1, uplink-280, 03:58:22\r\nb  > * 10.100.2.0\/24 [20\/0] via 10.10.203.1, uplink-280, 03:58:22\r\nb  > * 10.100.3.0\/24 [20\/0] via 10.10.203.1, uplink-280, 03:58:22\r\nb  > * 10.255.254.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 10.255.255.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 54.37.136.1\/32 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 192.168.1.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 192.168.3.0\/24 [20\/0] via 10.10.203.1, uplink-280, 01w4d23h\r\nb  > * 192.168.128.0\/24 [20\/0] via 100.100.10.2, vti-324, 00:18:17\r\nb  > * 192.168.129.0\/24 [20\/0] via 100.100.10.2, vti-324, 00:18:17<\/pre>\r\n<\/li>\r\n<\/ol>\r\n
                Weryfikacja Vyos<\/h5>\r\n
                Wszystkie sprawdzenie po stronie r\u00f3wnie\u017c wykonujemy z poziomu CLI poprzez SSH<\/p>\r\n\r\n\r\n\r\n
                Sprawdzenie IPSEC<\/h6>\r\n
                  \r\n
                1. sprawdzamy sesj\u0119 IKE
                  \r\n
                  vyos@vyos01:~$ show vpn ike sa \r\nPeer ID \/ IP                            Local ID \/ IP               \r\n------------                            -------------\r\n1.1.1.1                                 2.2.2.2                                \r\n\r\n    State  IKEVer  Encrypt  Hash    D-H Group      NAT-T  A-Time  L-Time\r\n    -----  ------  -------  ----    ---------      -----  ------  ------\r\n    up     IKEv2   aes256   sha256_128 5(MODP_1536)   no     3600    86400  \r\n<\/pre>\r\n<\/li>\r\n
                2. Sprawdzamy sesj\u0119 IPSec
                  \r\n
                  vyos@vyos01:~$ show vpn ipsec sa \r\nConnection               State    Uptime    Bytes In\/Out    Packets In\/Out    Remote address    Remote ID    Proposal\r\n-----------------------  -------  --------  --------------  ----------------  ----------------  -----------  ---------------------------------------\r\npeer-1.1.1.1-tunnel-vti  up       24m59s    0B\/60B          0\/1               1.1.1.1           N\/A          AES_CBC_256\/HMAC_SHA2_256_128\r\npeer-1.1.1.1-tunnel-vti  up       24m59s    3K\/4K           43\/67             1.1.1.1           N\/A          AES_CBC_256\/HMAC_SHA2_256_128\/MODP_1536<\/pre>\r\n<\/li>\r\n<\/ol>\r\n
                  Weryfikacja BGP<\/h6>\r\n
                    \r\n
                  1. weryfikacja statusu BGP
                    \r\n
                    vyos@vyos01:~$ show ip bgp summary \r\n\r\nIPv4 Unicast Summary:\r\nBGP router identifier 2.2.2.2, local AS number 65555 vrf-id 0\r\nBGP table version 29\r\nRIB entries 47, using 8648 bytes of memory\r\nPeers 1, using 20 KiB of memory\r\n\r\nNeighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up\/Down State\/PfxRcd\r\n100.100.10.1    4      65502      35      40        0    0    0 00:26:10           22<\/pre>\r\n<\/li>\r\n
                  2. Sprawdzenie tablicy routingu\u00a0
                    \r\n
                    vyos@vyos01:~$ show ip route bgp \r\nCodes: K - kernel route, C - connected, S - static, R - RIP,\r\n       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,\r\n       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,\r\n       F - PBR, f - OpenFabric,\r\n       > - selected route, * - FIB route, q - queued route, r - rejected route\r\n\r\n\r\nB>* 10.1.1.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.2.2.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.2.3.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.2.4.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.10.0.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.10.11.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.10.201.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.10.202.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.10.203.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.11.1.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.12.1.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.100.1.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.100.2.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.100.3.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.255.254.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 10.255.255.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 54.37.136.1\/32 [20\/0] via 100.100.10.1, vti1, 00:26:46\r\nB>* 192.168.3.0\/24 [20\/0] via 100.100.10.1, vti1, 00:26:46<\/pre>\r\n
                     <\/p>\r\n<\/li>\r\n<\/ol>\r\n
                    Na koniec test puszczenie ping z Vyosa to NSX’a dok\u0142adnie na ip 10.11.1.1 kt\u00f3ry potwierdzi nam dzia\u0142anie transmisji w IPSecu<\/p>\r\n
                    vyos@vyos01:~$ ping 10.11.1.1\r\nPING 10.11.1.1 (10.11.1.1) 56(84) bytes of data.\r\n64 bytes from 10.11.1.1: icmp_seq=1 ttl=63 time=0.749 ms\r\n64 bytes from 10.11.1.1: icmp_seq=2 ttl=63 time=0.902 ms<\/pre>\r\n
                     <\/p>\r\n
                    Jak wida\u0107 proces weryfikacji wyszed\u0142 pozytywnie i mo\u017cemy cieszy\u0107 si\u0119 skonfigurowanym IPSeciem typu route base. Jak Macie pytania to zapraszam do kontaktu.\u00a0<\/p>\r\n\r\n\r\n","protected":false},"excerpt":{"rendered":"
                    W dzisiejszym wpisie przedstawi\u0119 konfiguracj\u0119 NSX-t IPSec Route base, jest to\u00a0 opis krok po kroku jak skonfigurowa\u0107 IPseca po stronie NSX’a oraz Vyos kt\u00f3ry b\u0119dzie uczestnikiem IPseca.\u00a0 Za\u0142o\u017cenia Poni\u017cej rysunek pogl\u0105dowy jak wygl\u0105da topologia po\u0142\u0105cze\u0144. Pomi\u0119dzy routerem T0 i chmurk\u0105 ju\u017c istnieje po\u0142\u0105czenie oraz jest zestawione s\u0105siedztwo BGP w celu dost\u0119pu do sieci „Internet” na […]<\/p>\n","protected":false},"author":1,"featured_media":2166,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Opis jak skonfigurowa\u0107 IPSec typu route based pomi\u0119dzy NSX-t a Vyos. @VMware #NSXt @Vyos #Vyos #IPSec #BGP","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[585,9,452],"tags":[218,606,604,605,125,77,353,533,603,602,16,254],"class_list":["post-2567","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nsx","category-vmware","category-vyos","tag-bgp","tag-get-bgp-neighbor-summary","tag-get-ipsecvpn-ikesa-active","tag-get-ipsecvpn-session","tag-ike","tag-ipsec","tag-nsx","tag-nsx-t","tag-nsx-t-2-5","tag-nsx-t-ipsec-route-base","tag-vmware","tag-vyos"],"yoast_head":"\nNSX-t IPSec Route base do Vyosa - SafeKom Blog<\/title>\n<meta name=\"description\" content=\"Opis jak skonfigurowa\u0107 krok po kroku NSX-t IPSec Route base. Partnerem sesji IPSec dla NSX-t jest Vyos. NSX-t IPSec Route base\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NSX-t IPSec Route base do Vyosa - SafeKom Blog\" \/>\n<meta property=\"og:description\" content=\"Opis jak skonfigurowa\u0107 krok po kroku NSX-t IPSec Route base. Partnerem sesji IPSec dla NSX-t jest Vyos. NSX-t IPSec Route base\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/\" \/>\n<meta property=\"og:site_name\" content=\"SafeKom Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/safekompl\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-26T12:00:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1012\" \/>\n\t<meta property=\"og:image:height\" content=\"946\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:site\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/\"},\"author\":{\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/person\\\/fd4cc931b624af4b7353d36d92ba7181\"},\"headline\":\"NSX-t IPSec Route base\",\"datePublished\":\"2020-03-26T12:00:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/\"},\"wordCount\":1173,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/Autobot_symbol.png?fit=1012%2C946&ssl=1\",\"keywords\":[\"bgp\",\"get bgp neighbor summary\",\"get ipsecvpn ikesa active\",\"get ipsecvpn session\",\"ike\",\"ipsec\",\"NSX\",\"NSX-T\",\"nsx-t 2.5\",\"NSX-t IPSec Route base\",\"vmware\",\"vyos\"],\"articleSection\":[\"NSX\",\"Vmware\",\"Vyos\"],\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/\",\"name\":\"NSX-t IPSec Route base do Vyosa - SafeKom Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/Autobot_symbol.png?fit=1012%2C946&ssl=1\",\"datePublished\":\"2020-03-26T12:00:39+00:00\",\"description\":\"Opis jak skonfigurowa\u0107 krok po kroku NSX-t IPSec Route base. Partnerem sesji IPSec dla NSX-t jest Vyos. NSX-t IPSec Route base\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/Autobot_symbol.png?fit=1012%2C946&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/Autobot_symbol.png?fit=1012%2C946&ssl=1\",\"width\":1012,\"height\":946},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/vmware\\\/nsx\\\/nsx-t-ipsec-route-base\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NSX-t IPSec Route base\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\",\"name\":\"SafeKom Blog\",\"description\":\"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#organization\",\"name\":\"SafeKom Blog\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/05\\\/cropped-logo.png?fit=512%2C512&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.safekom.pl\\\/blog\\\/wp-content\\\/uploads\\\/2015\\\/05\\\/cropped-logo.png?fit=512%2C512&ssl=1\",\"width\":512,\"height\":512,\"caption\":\"SafeKom Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/safekompl\",\"https:\\\/\\\/x.com\\\/MIwaczuk\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/michaliwanczuk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/#\\\/schema\\\/person\\\/fd4cc931b624af4b7353d36d92ba7181\",\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"caption\":\"Micha\u0142 Iwa\u0144czuk\"},\"description\":\"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\\\/7\\\/365.\",\"url\":\"https:\\\/\\\/www.safekom.pl\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NSX-t IPSec Route base do Vyosa - SafeKom Blog","description":"Opis jak skonfigurowa\u0107 krok po kroku NSX-t IPSec Route base. Partnerem sesji IPSec dla NSX-t jest Vyos. NSX-t IPSec Route base","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","og_locale":"pl_PL","og_type":"article","og_title":"NSX-t IPSec Route base do Vyosa - SafeKom Blog","og_description":"Opis jak skonfigurowa\u0107 krok po kroku NSX-t IPSec Route base. Partnerem sesji IPSec dla NSX-t jest Vyos. NSX-t IPSec Route base","og_url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","og_site_name":"SafeKom Blog","article_publisher":"https:\/\/www.facebook.com\/safekompl","article_published_time":"2020-03-26T12:00:39+00:00","og_image":[{"width":1012,"height":946,"url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1","type":"image\/png"}],"author":"Micha\u0142 Iwa\u0144czuk","twitter_card":"summary_large_image","twitter_creator":"@MIwaczuk","twitter_site":"@MIwaczuk","twitter_misc":{"Napisane przez":"Micha\u0142 Iwa\u0144czuk","Szacowany czas czytania":"13 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#article","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/"},"author":{"name":"Micha\u0142 Iwa\u0144czuk","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181"},"headline":"NSX-t IPSec Route base","datePublished":"2020-03-26T12:00:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/"},"wordCount":1173,"commentCount":0,"publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1","keywords":["bgp","get bgp neighbor summary","get ipsecvpn ikesa active","get ipsecvpn session","ike","ipsec","NSX","NSX-T","nsx-t 2.5","NSX-t IPSec Route base","vmware","vyos"],"articleSection":["NSX","Vmware","Vyos"],"inLanguage":"pl-PL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","name":"NSX-t IPSec Route base do Vyosa - SafeKom Blog","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#primaryimage"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1","datePublished":"2020-03-26T12:00:39+00:00","description":"Opis jak skonfigurowa\u0107 krok po kroku NSX-t IPSec Route base. Partnerem sesji IPSec dla NSX-t jest Vyos. NSX-t IPSec Route base","breadcrumb":{"@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#primaryimage","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1","width":1012,"height":946},{"@type":"BreadcrumbList","@id":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/www.safekom.pl\/blog\/"},{"@type":"ListItem","position":2,"name":"NSX-t IPSec Route base"}]},{"@type":"WebSite","@id":"https:\/\/www.safekom.pl\/blog\/#website","url":"https:\/\/www.safekom.pl\/blog\/","name":"SafeKom Blog","description":"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem","publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/www.safekom.pl\/blog\/#organization","name":"SafeKom Blog","url":"https:\/\/www.safekom.pl\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"SafeKom Blog"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/safekompl","https:\/\/x.com\/MIwaczuk","https:\/\/www.linkedin.com\/in\/michaliwanczuk\/"]},{"@type":"Person","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181","name":"Micha\u0142 Iwa\u0144czuk","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","caption":"Micha\u0142 Iwa\u0144czuk"},"description":"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.","url":"https:\/\/www.safekom.pl\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7i9ri-Fp","jetpack-related-posts":[{"id":2275,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx-t-routing\/","url_meta":{"origin":2567,"position":0},"title":"NSX-t Routing","author":"Micha\u0142 Iwa\u0144czuk","date":"05.03.2018","format":false,"excerpt":"W poprzednich wpisach pokaza\u0142em jak skonfigurowa\u0107 prawie ca\u0142ego NSX-t, dzi\u015b przyszed\u0142 czas na najciekawsze z perspektywy os\u00f3b zajmuj\u0105cych si\u0119 sieci\u0105 - b\u0119dziemy konfigurowa\u0107 NSX-t Routing. Poni\u017cej plan ca\u0142ej serii po\u015bwi\u0119cony NSX-t: Plan Dzia\u0142ania Poni\u017cej plan dzia\u0142ania oraz odno\u015bniki wcze\u015bniejszych wpis\u00f3w o NSX-T. Instalacja NSX Managera Instalacja NSX-t Controller pod\u0142\u0105czenie ich\u2026","rel":"","context":"W \u201eLab"","block_context":{"text":"Lab","link":"https:\/\/www.safekom.pl\/blog\/en\/category\/lab\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab03.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab03.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab03.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab03.png?resize=700%2C400 2x"},"classes":[]},{"id":2332,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx-t-load-balancer\/","url_meta":{"origin":2567,"position":1},"title":"NSX-t Load Balancer","author":"Micha\u0142 Iwa\u0144czuk","date":"24.04.2018","format":false,"excerpt":"W poprzednich wpisach pokaza\u0142em jak skonfigurowa\u0107 prawie ca\u0142ego NSX-t, dzi\u015b przyszed\u0142 czas skonfigurownie NSX-t Load Balancer, kt\u00f3ry jest dost\u0119pny od wersji 2.0. Poni\u017cej plan ca\u0142ej serii po\u015bwi\u0119cony NSX-t: Plan Dzia\u0142ania Poni\u017cej plan dzia\u0142ania oraz odno\u015bniki wcze\u015bniejszych wpis\u00f3w o NSX-T. Instalacja NSX Managera Instalacja NSX-t Controller pod\u0142\u0105czenie ich do NSX Mangera\u2026","rel":"","context":"W \u201eLab"","block_context":{"text":"Lab","link":"https:\/\/www.safekom.pl\/blog\/en\/category\/lab\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2149,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx-t-czas-poznac-rywala\/","url_meta":{"origin":2567,"position":2},"title":"NSX-T czas pozna\u0107 rywala","author":"Micha\u0142 Iwa\u0144czuk","date":"22.01.2018","format":false,"excerpt":"Od d\u0142u\u017cszego czasu zajmuje si\u0119 NSX-v, ale stwierdzi\u0142em, \u017ce czas pozna\u0107 wersj\u0119 multi platform NSX-T. Gdy grudniu 2017 pojawi\u0142a si\u0119 wersja 2.1 mo\u017cna powiedzie\u0107, \u017ce wersja ju\u017c jest w miar\u0119 wygrzana. Poczu\u0142em, \u017ce przyszed\u0142 czas aby rozwi\u0105zanie to pojawi\u0142o si\u0119 w mym labie. Ten wpis otwiera seri\u0119 wpis\u00f3w na temat\u2026","rel":"","context":"W \u201eLab"","block_context":{"text":"Lab","link":"https:\/\/www.safekom.pl\/blog\/en\/category\/lab\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab02.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab02.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab02.png?resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab02.png?resize=700%2C400 2x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab02.png?resize=1050%2C600 3x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/nsx-t-lab02.png?resize=1400%2C800 4x"},"classes":[]},{"id":2191,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx-t-edge\/","url_meta":{"origin":2567,"position":3},"title":"NSX-t EDGE","author":"Micha\u0142 Iwa\u0144czuk","date":"30.01.2018","format":false,"excerpt":"W poprzednim wpisie pokaza\u0142em jak wygl\u0105da instalacja NSX-t Controler\u00f3w, dzi\u015b przyszed\u0142 czas aby zaj\u0105\u0107 si\u0119 NSX-t EDGE. NSX-t EDGE jest odpowiedzialny za routing w sieci nak\u0142adkowej oraz kontakt ze \u015bwiatem zewn\u0119trznym. Dzi\u015b skupimy si\u0119 na instalacji EDGE oraz pod\u0142\u0105czeniu do NSX Managera. Plan Dzia\u0142ania Poni\u017cej plan dzia\u0142ania oraz odno\u015bniki wcze\u015bniejszych\u2026","rel":"","context":"W \u201eLab"","block_context":{"text":"Lab","link":"https:\/\/www.safekom.pl\/blog\/en\/category\/lab\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2227,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx-t-transport-zone-node\/","url_meta":{"origin":2567,"position":4},"title":"NSX-t transport zone & node","author":"Micha\u0142 Iwa\u0144czuk","date":"20.02.2018","format":false,"excerpt":"Mamy za sob\u0105 ju\u017c zainstalowane modu\u0142y wymagane do poprawnego dzia\u0142ania NSX-t na hostach z vSphere, Dzi\u015b przyszed\u0142 czas na konfiguracj\u0119 NSX-t transport zone i transport node i wszystko to co zwi\u0105zane aby uruchomi\u0107 sie\u0107 L2 w sieci nak\u0142adkowej w NSX-t. Plan Dzia\u0142ania Poni\u017cej plan dzia\u0142ania oraz odno\u015bniki wcze\u015bniejszych wpis\u00f3w o\u2026","rel":"","context":"W \u201eLab"","block_context":{"text":"Lab","link":"https:\/\/www.safekom.pl\/blog\/en\/category\/lab\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":2383,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx-t-upgrade\/","url_meta":{"origin":2567,"position":5},"title":"NSX-t Upgrade","author":"Micha\u0142 Iwa\u0144czuk","date":"28.09.2018","format":false,"excerpt":"W poprzednich wpisach pokaza\u0142em jak skonfigurowa\u0107 NSX-t, dzi\u015b przyszed\u0142 podnie\u015b\u0107 wersj\u0119 do NSX-T 2.3. Poni\u017cej opis ca\u0142ego procesu aktualizacji. Dla przy pomnienia nasz schemat jak wygl\u0105da po\u0142\u0105czenie kart sieciowych Proces Upgrade Logujemy si\u0119 do konsoli NSX-t Managera przechodzimy do System--> Utilitles-->Uprgarde Gdzie klikamy Proceed to Upgrade wgrywamy plik \u015bci\u0105gni\u0119ty z\u2026","rel":"","context":"W \u201eVmware"","block_context":{"text":"Vmware","link":"https:\/\/www.safekom.pl\/blog\/category\/vmware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/2567","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/comments?post=2567"}],"version-history":[{"count":31,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/2567\/revisions"}],"predecessor-version":[{"id":2619,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/2567\/revisions\/2619"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media\/2166"}],"wp:attachment":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media?parent=2567"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/categories?post=2567"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/tags?post=2567"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}