Ahaan So the PSK will also be without VRF? Because, we need isakmp profile to define keyring associated with a VRF.
The point is, will we define the key as crypto isakmp key 0 SECRET address x.x.x.x in global config without using the isakmp profile? and only add the VRF related configuration on the tunnel itself ? Right after sending the email, i am testing this, so i will be back within 10 minutes Regards On Fri, Apr 16, 2010 at 4:37 PM, Tyson Scott <[email protected]> wrote: > Badar, > > > > You don't even need to use ISAKMP profiles with this. > > > > On the VTI add "ip vrf forwarding <VRF_NAME>" > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Badar Farooq > *Sent:* Friday, April 16, 2010 6:33 AM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] VRF aware ipsec with VTI > > > > I am trying to establish a VRF aware ipsec tunnel using VTI. > I have tried a million permutations and nothing seems to work. For > starters, when I associate the isakmp profile with the vrf and then attach > it to ipsec profile, when i apply tunnel protection I get the message > > > ISAKMP Profile attached to IPSec Profile 'ipsec-prof' has vrf configured. > Please remove vrf from ISAKMP Profile and reapply tunnel protection. > > But this appears to be dependent on version. > > I have tried putting source of the tunnel in the same VRF, different/no > VRF, tunnel VRF command, and everything else I can think of... > > Can somebody create and send a working config for this simple scenario > > R1 (f0/0)--------------(f0/0)R2 and we need to encrypt traffic between > their loopbacks 1.1.1.1 and 2.2.2.2 using vrf aware ipsec and VTI > > > Regards >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
