| Hi Badar,
do you want to put the traffic coming out of the tunnel into a vrf?
You can then use the command tunnel vrf <vrfname> on the tunnel interface.
I don't know if you have access to the Cisco Networkers presentations? The one in 2008 (and in 2009 as well, barcelona) had an advanced dmvpn session, that explains it.
Kind regards Pieter-Jan On 16 apr 2010, at 12:33, Badar Farooq wrote: I am trying to establish a VRF aware ipsec tunnel using VTI.
I have tried a million permutations and nothing seems to work. For starters, when I associate the isakmp profile with the vrf and then attach it to ipsec profile, when i apply tunnel protection I get the message
ISAKMP Profile attached to IPSec Profile 'ipsec-prof' has vrf configured.
Please remove vrf from ISAKMP Profile and reapply tunnel protection.
But this appears to be dependent on version.
I have tried putting source of the tunnel in the same VRF, different/no VRF, tunnel VRF command, and everything else I can think of...
Can somebody create and send a working config for this simple scenario
R1 (f0/0)--------------(f0/0)R2 and we need to encrypt traffic between their loopbacks 1.1.1.1 and 2.2.2.2 using vrf aware ipsec and VTI
Regards
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
 Think before you print.
|
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
