diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg
index f09eaa2f2e3..f4faa9404e8 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder.cfg
@@ -176,28 +176,13 @@ vrf instance MGMT ! ip security ! - ike policy DP-IKE-POLICY - local-id 192.168.144.1 - ! ike policy CP-IKE-POLICY local-id 192.168.144.1 ! - sa policy DP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! sa policy CP-SA-POLICY esp encryption aes128 pfs dh-group 14 ! - profile DP-PROFILE - ike-policy DP-IKE-POLICY - sa-policy DP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890666 - dpd 10 50 clear - mode transport - ! profile CP-PROFILE ike-policy CP-IKE-POLICY sa-policy CP-SA-POLICY
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg
index 67a8e5651ff..6d7a5d37ea3 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder1.cfg
@@ -179,28 +179,13 @@ vrf instance MGMT ! ip security ! - ike policy DP-IKE-POLICY - local-id 192.168.144.2 - ! ike policy CP-IKE-POLICY local-id 192.168.144.2 ! - sa policy DP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! sa policy CP-SA-POLICY esp encryption aes128 pfs dh-group 14 ! - profile DP-PROFILE - ike-policy DP-IKE-POLICY - sa-policy DP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890666 - dpd 10 50 clear - mode transport - ! profile CP-PROFILE ike-policy CP-IKE-POLICY sa-policy CP-SA-POLICY
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg
index 140ea6342ab..3bbd3706a21 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/configs/cv-pathfinder-pathfinder2.cfg
@@ -186,28 +186,13 @@ vrf instance MGMT ! ip security ! - ike policy DP-IKE-POLICY - local-id 192.168.144.3 - ! ike policy CP-IKE-POLICY local-id 192.168.144.3 ! - sa policy DP-SA-POLICY - esp encryption aes128 - pfs dh-group 14 - ! sa policy CP-SA-POLICY esp encryption aes128 pfs dh-group 14 ! - profile DP-PROFILE - ike-policy DP-IKE-POLICY - sa-policy DP-SA-POLICY - connection start - shared-key 7 ABCDEF1234567890666 - dpd 10 50 clear - mode transport - ! profile CP-PROFILE ike-policy CP-IKE-POLICY sa-policy CP-SA-POLICY
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
index 678e8754783..1cc196baab7 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder.yml
@@ -160,30 +160,14 @@ flow_tracking: shutdown: false ip_security: ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.144.1 - name: CP-IKE-POLICY local_id: 192.168.144.1 sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - name: CP-SA-POLICY esp: encryption: aes128 pfs_dh_group: 14 profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - name: CP-PROFILE ike_policy: CP-IKE-POLICY sa_policy: CP-SA-POLICY
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
index 5896dc93c5f..f8841043e17 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder1.yml
@@ -169,30 +169,14 @@ flow_tracking: shutdown: false ip_security: ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.144.2 - name: CP-IKE-POLICY local_id: 192.168.144.2 sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - name: CP-SA-POLICY esp: encryption: aes128 pfs_dh_group: 14 profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - name: CP-PROFILE ike_policy: CP-IKE-POLICY sa_policy: CP-SA-POLICY
diff --git a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
index c41d84eb6a0..f9bad180672 100644
--- a/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
+++ b/ansible_collections/arista/avd/molecule/eos_designs_unit_tests/intended/structured_configs/cv-pathfinder-pathfinder2.yml
@@ -176,30 +176,14 @@ flow_tracking: shutdown: false ip_security: ike_policies: - - name: DP-IKE-POLICY - local_id: 192.168.144.3 - name: CP-IKE-POLICY local_id: 192.168.144.3 sa_policies: - - name: DP-SA-POLICY - esp: - encryption: aes128 - pfs_dh_group: 14 - name: CP-SA-POLICY esp: encryption: aes128 pfs_dh_group: 14 profiles: - - name: DP-PROFILE - ike_policy: DP-IKE-POLICY - sa_policy: DP-SA-POLICY - connection: start - shared_key: ABCDEF1234567890666 - dpd: - interval: 10 - time: 50 - action: clear - mode: transport - name: CP-PROFILE ike_policy: CP-IKE-POLICY sa_policy: CP-SA-POLICY
diff --git a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py
index 5928da1aa9d..ac6025582b6 100644
--- a/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py
+++ b/ansible_collections/arista/avd/roles/eos_designs/python_modules/overlay/ip_security.py
@@ -35,7 +35,7 @@ def ip_security(self) -> dict | None:
 # Structure initialization
 ip_security = {"ike_policies": [], "sa_policies": [], "profiles": []}
- if (data_plane := get(wan_ipsec_profiles, "data_plane")) is not None:
+ if self.shared_utils.wan_role == "client" and (data_plane := get(wan_ipsec_profiles, "data_plane")) is not None:
 self._append_data_plane(ip_security, data_plane)
 control_plane = get(wan_ipsec_profiles, "control_plane", required=True)
 self._append_control_plane(ip_security, control_plane)
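Review bot: The added `self.shared_utils.wan_role == "client"` guard makes every other role silently discard a `data_plane` entry the user set under the WAN IPsec profiles, and the `if` line carries no comment saying why. If the intent is that only WAN clients build data-plane tunnels, say so above the condition, e.g. `# Data-plane IPsec profile is rendered on WAN clients only; other roles use the control-plane profile alone.` It is also worth confirming that nothing generated for a non-client device still refers to the data-plane profile by name, because a reference to a profile that is no longer rendered could leave those paths without the intended IPsec protection; the fixtures in this diff show only the `ip security` section of the three cv-pathfinder pathfinders, so that cannot be checked from here. `ip_security` starts above the hunk and may continue below it.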