Badar,
You don't even need to use ISAKMP profiles with this. On the VTI add "ip vrf forwarding <VRF_NAME>" Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Technical Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Badar Farooq Sent: Friday, April 16, 2010 6:33 AM To: [email protected] Subject: [OSL | CCIE_Security] VRF aware ipsec with VTI I am trying to establish a VRF aware ipsec tunnel using VTI. I have tried a million permutations and nothing seems to work. For starters, when I associate the isakmp profile with the vrf and then attach it to ipsec profile, when i apply tunnel protection I get the message ISAKMP Profile attached to IPSec Profile 'ipsec-prof' has vrf configured. Please remove vrf from ISAKMP Profile and reapply tunnel protection. But this appears to be dependent on version. I have tried putting source of the tunnel in the same VRF, different/no VRF, tunnel VRF command, and everything else I can think of... Can somebody create and send a working config for this simple scenario R1 (f0/0)--------------(f0/0)R2 and we need to encrypt traffic between their loopbacks 1.1.1.1 and 2.2.2.2 using vrf aware ipsec and VTI Regards
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
